Skip to main content

Typo3 CVE-2020-8091

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2020-01-27 cve@mitre.org
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Jan 27, 2020 - 22:15 nvd
MEDIUM 6.1

DescriptionNVD

svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname.

AnalysisAI

svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname. Affected products include: Typo3.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

More in Typo3

View all
CVE-2017-14251 HIGH POC
8.8 Sep 11

Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php i

CVE-2014-9509 HIGH POC
7.5 Jan 04

The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, w

CVE-2016-4056 MEDIUM POC
6.1 Jan 23

Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers t

CVE-2023-24814 MEDIUM POC
6.1 Feb 07

TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. Rated medium

CVE-2020-26227 MEDIUM POC
6.1 Nov 23

TYPO3 is an open source PHP based web content management system. Rated medium severity (CVSS 6.1), this vulnerability is

CVE-2020-15241 MEDIUM POC
6.1 Oct 08

TYPO3 Fluid Engine (package `typo3fluid/fluid`) before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 is vul

CVE-2020-11066 CRITICAL
10.0 May 14

In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.

CVE-2021-21365 MEDIUM POC
5.4 Apr 27

Bootstrap Package is a theme for TYPO3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, lo

CVE-2017-6370 MEDIUM POC
5.3 Mar 17

TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote

CVE-2024-34537 MEDIUM POC
4.9 Oct 28

TYPO3 before 13.3.1 allows denial of service (interface error) in the Bookmark Toolbar (ext:backend), exploitable by an

CVE-2022-23503 HIGH
8.8 Dec 14

TYPO3 is an open source PHP based web content management system. Rated high severity (CVSS 8.8), this vulnerability is r

CVE-2021-41113 HIGH
8.8 Oct 05

TYPO3 is an open source PHP based web content management system released under the GNU GPL. Rated high severity (CVSS 8.

Share

CVE-2020-8091 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy