CVE-2015-5956

Typo3 CMS 6.2.14 / 4.5.40 Cross Site Scripting

Severity Score: 3.5 (CVSS v2)
Exploit Likelihood (EPSS): not listed
Affected Versions (CPE): see "Affected Vendors, Products, and Versions" below
Public Exploits: 0 (multiple sources)
Exploited in Wild (KEV): -
Decision (SSVC): -

Descriptions

The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter to show_rechis.php and the (2) redirect_url parameter to index.php.

Typo3 CMS versions 6.2.14 and below and 4.5.40 and below suffer from a cross site scripting vulnerability.

Credits: N/A

CVSS Scores (Common Vulnerability Scoring System, v2)
  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: Single
  • Confidentiality: None
  • Integrity: Partial
  • Availability: None
SSVC (Organization's Worst-case Scenario)
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
Timeline
  • 2015-08-06 CVE Reserved
  • 2015-09-14 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-10-10 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
Affected Vendors, Products, and Versions

Vendor  Product  Version    Other   Status
Typo3   Typo3    <= 4.5.40  -       Affected
Typo3   Typo3    6.0        -       Affected
Typo3   Typo3    6.0.1      -       Affected
Typo3   Typo3    6.0.2      -       Affected
Typo3   Typo3    6.0.3      -       Affected
Typo3   Typo3    6.0.4      -       Affected
Typo3   Typo3    6.0.5      -       Affected
Typo3   Typo3    6.0.6      -       Affected
Typo3   Typo3    6.0.7      -       Affected
Typo3   Typo3    6.0.8      -       Affected
Typo3   Typo3    6.0.9      -       Affected
Typo3   Typo3    6.0.10     -       Affected
Typo3   Typo3    6.0.11     -       Affected
Typo3   Typo3    6.0.12     -       Affected
Typo3   Typo3    6.0.13     -       Affected
Typo3   Typo3    6.0.14     -       Affected
Typo3   Typo3    6.1        -       Affected
Typo3   Typo3    6.1.1      -       Affected
Typo3   Typo3    6.1.2      -       Affected
Typo3   Typo3    6.1.3      -       Affected
Typo3   Typo3    6.1.4      -       Affected
Typo3   Typo3    6.1.5      -       Affected
Typo3   Typo3    6.1.6      -       Affected
Typo3   Typo3    6.1.7      -       Affected
Typo3   Typo3    6.1.8      -       Affected
Typo3   Typo3    6.1.9      -       Affected
Typo3   Typo3    6.2        -       Affected
Typo3   Typo3    6.2.0      beta1   Affected
Typo3   Typo3    6.2.0      beta2   Affected
Typo3   Typo3    6.2.0      beta3   Affected
Typo3   Typo3    6.2.1      -       Affected
Typo3   Typo3    6.2.2      -       Affected
Typo3   Typo3    6.2.3      -       Affected
Typo3   Typo3    6.2.4      -       Affected
Typo3   Typo3    6.2.5      -       Affected
Typo3   Typo3    6.2.6      -       Affected
Typo3   Typo3    6.2.7      -       Affected
Typo3   Typo3    6.2.8      -       Affected
Typo3   Typo3    6.2.9      -       Affected
Typo3   Typo3    6.2.10     -       Affected
Typo3   Typo3    6.2.11     -       Affected
Typo3   Typo3    6.2.12     -       Affected
Typo3   Typo3    6.2.13     -       Affected
Typo3   Typo3    6.2.14     -       Affected
Typo3   Typo3    7.0.0      -       Affected
Typo3   Typo3    7.1.0      -       Affected
Typo3   Typo3    7.2.0      -       Affected
Typo3   Typo3    7.3.0      -       Affected