CVE-2014-3943

low

Description

Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary web script or HTML via unknown parameters.

References

http://www.securityfocus.com/bid/67625

http://www.openwall.com/lists/oss-security/2014/06/03/2

http://www.debian.org/security/2014/dsa-2942

http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/

http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html

Details

Source: Mitre, NVD

Published: 2014-06-03

Updated: 2017-12-29

Risk Information

CVSS v2

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 3.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Severity: Low