CVE-2012-3531

Cross-site scripting (XSS) vulnerability in the Install Tool in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
typo3typo3
4.5
typo3typo3
4.5.0
typo3typo3
4.5.1
typo3typo3
4.5.2
typo3typo3
4.5.3
typo3typo3
4.5.4
typo3typo3
4.5.5
typo3typo3
4.5.6
typo3typo3
4.5.7
typo3typo3
4.5.8
typo3typo3
4.5.9
typo3typo3
4.5.10
typo3typo3
4.5.11
typo3typo3
4.5.12
typo3typo3
4.5.13
typo3typo3
4.5.14
typo3typo3
4.5.15
typo3typo3
4.5.16
typo3typo3
4.5.17
typo3typo3
4.5.18
typo3typo3
4.6
typo3typo3
4.6.0
typo3typo3
4.6.1
typo3typo3
4.6.2
typo3typo3
4.6.3
typo3typo3
4.6.4
typo3typo3
4.6.5
typo3typo3
4.6.6
typo3typo3
4.6.7
typo3typo3
4.6.8
typo3typo3
4.6.9
typo3typo3
4.6.10
typo3typo3
4.6.11
typo3typo3
4.7
typo3typo3
4.7.0
typo3typo3
4.7.1
typo3typo3
4.7.2
typo3typo3
4.7.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
typo3-src
zesty
dne
yakkety
dne
xenial
dne
wily
dne
vivid
not-affected
utopic
not-affected
trusty
dne
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
ignored
oneiric
ignored
natty
Fixed 4.3.9+dfsg1-1+squeeze5build0.11.04.1
released
lucid
ignored
hardy
ignored
Common Weakness Enumeration
References
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/
http://www.debian.org/security/2012/dsa-2537
http://www.openwall.com/lists/oss-security/2012/08/22/8
https://exchange.xforce.ibmcloud.com/vulnerabilities/78888
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/
http://www.debian.org/security/2012/dsa-2537
http://www.openwall.com/lists/oss-security/2012/08/22/8
https://exchange.xforce.ibmcloud.com/vulnerabilities/78888