Skip to main content

Typo3 CVE-2015-8756

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2016-01-08 cve@mitre.org
5.4
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Jan 08, 2016 - 19:59 cve.org
MEDIUM 5.4

DescriptionCVE.org

Cross-site scripting (XSS) vulnerability in the search result view in the Indexed Search (indexed_search) component in TYPO3 6.2.x before 6.2.16 allows remote authenticated editors to inject arbitrary web script or HTML via unspecified vectors.

AnalysisAI

Cross-site scripting (XSS) vulnerability in the search result view in the Indexed Search (indexed_search) component in TYPO3 6.2.x before 6.2.16 allows remote authenticated editors to inject. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) vulnerability in the search result view in the Indexed Search (indexed_search) component in TYPO3 6.2.x before 6.2.16 allows remote authenticated editors to inject arbitrary web script or HTML via unspecified vectors. Affected products include: Typo3. Version information: before 6.2.16.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

More in Typo3

View all
CVE-2017-14251 HIGH POC
8.8 Sep 11

Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php i

CVE-2014-9509 HIGH POC
7.5 Jan 04

The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, w

CVE-2016-4056 MEDIUM POC
6.1 Jan 23

Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers t

CVE-2023-24814 MEDIUM POC
6.1 Feb 07

TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. Rated medium

CVE-2020-26227 MEDIUM POC
6.1 Nov 23

TYPO3 is an open source PHP based web content management system. Rated medium severity (CVSS 6.1), this vulnerability is

CVE-2020-15241 MEDIUM POC
6.1 Oct 08

TYPO3 Fluid Engine (package `typo3fluid/fluid`) before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 is vul

CVE-2020-8091 MEDIUM POC
6.1 Jan 27

svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cr

CVE-2020-11066 CRITICAL
10.0 May 14

In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.

CVE-2021-21365 MEDIUM POC
5.4 Apr 27

Bootstrap Package is a theme for TYPO3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, lo

CVE-2017-6370 MEDIUM POC
5.3 Mar 17

TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote

CVE-2024-34537 MEDIUM POC
4.9 Oct 28

TYPO3 before 13.3.1 allows denial of service (interface error) in the Bookmark Toolbar (ext:backend), exploitable by an

CVE-2022-23503 HIGH
8.8 Dec 14

TYPO3 is an open source PHP based web content management system. Rated high severity (CVSS 8.8), this vulnerability is r

Share

CVE-2015-8756 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy