CVE-2021-43561
Severity Score
5.4
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An XSS issue was discovered in the google_for_jobs (aka Google for Jobs) extension before 1.5.1 and 2.x before 2.1.1 for TYPO3. The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability.
Se ha detectado un problema de tipo XSS en la extensión google_for_jobs (también se conoce como Google for Jobs) versiones anteriores a 1.5.1 y versiones 2.x anteriores a 2.1.1 para TYPO3. La extensión no codifica correctamente la entrada del usuario para la salida en el contexto HTML. Es requerida una cuenta de usuario del backend de TYPO3 para explotar la vulnerabilidad
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-11-09 CVE Reserved
- 2021-11-10 CVE Published
- 2023-06-03 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://typo3.org/security/advisory/typo3-ext-sa-2021-015 | 2021-11-16 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Pega-sus Search vendor "Pega-sus" | Google For Jobs Search vendor "Pega-sus" for product "Google For Jobs" | < 1.5.1 Search vendor "Pega-sus" for product "Google For Jobs" and version " < 1.5.1" | typo3 |
Affected
| ||||||
| Pega-sus Search vendor "Pega-sus" | Google For Jobs Search vendor "Pega-sus" for product "Google For Jobs" | >= 2.0.0 < 2.1.1 Search vendor "Pega-sus" for product "Google For Jobs" and version " >= 2.0.0 < 2.1.1" | typo3 |
Affected
| ||||||