CVSS: 6.1EPSS: 0%CPEs: 22EXPL: 1CVE-2017-5963
https://notcve.org/view.php?id=CVE-2017-5963
An issue was discovered in caddy (for TYPO3) before 7.2.10. The vulnerability exists due to insufficient filtration of user-supplied data in the "paymillToken" HTTP POST parameter passed to the "caddy/Resources/Public/JavaScript/e-payment/paymill/api/php/payment.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. Se descubrió un problema en caddy (para TYPO3) en versiones anteriores a 7.2.10. La vulnerabilidad existe debido a la filtración insuficiente de datos suministrados por el usuario en el parámetro "paymillToken" de HTTP POST pasado a la URL "caddy/Resources/Public/JavaScript/e-payment/paymill/api/php/payment.php". • http://www.securityfocus.com/bid/96198 https://forge.typo3.org/issues/79325 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •