CVE-2015-5956
EUVD-2022-332216.09.2015, 14:59
The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter to show_rechis.php and the (2) redirect_url parameter to index.php.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| typo3 | typo3 | 𝑥 ≤ 4.5.40 |
| typo3 | typo3 | 6.0 |
| typo3 | typo3 | 6.0.1 |
| typo3 | typo3 | 6.0.2 |
| typo3 | typo3 | 6.0.3 |
| typo3 | typo3 | 6.0.4 |
| typo3 | typo3 | 6.0.5 |
| typo3 | typo3 | 6.0.6 |
| typo3 | typo3 | 6.0.7 |
| typo3 | typo3 | 6.0.8 |
| typo3 | typo3 | 6.0.9 |
| typo3 | typo3 | 6.0.10 |
| typo3 | typo3 | 6.0.11 |
| typo3 | typo3 | 6.0.12 |
| typo3 | typo3 | 6.0.13 |
| typo3 | typo3 | 6.0.14 |
| typo3 | typo3 | 6.1 |
| typo3 | typo3 | 6.1.1 |
| typo3 | typo3 | 6.1.2 |
| typo3 | typo3 | 6.1.3 |
| typo3 | typo3 | 6.1.4 |
| typo3 | typo3 | 6.1.5 |
| typo3 | typo3 | 6.1.6 |
| typo3 | typo3 | 6.1.7 |
| typo3 | typo3 | 6.1.8 |
| typo3 | typo3 | 6.1.9 |
| typo3 | typo3 | 6.2 |
| typo3 | typo3 | 6.2.0:beta1 |
| typo3 | typo3 | 6.2.0:beta2 |
| typo3 | typo3 | 6.2.0:beta3 |
| typo3 | typo3 | 6.2.1 |
| typo3 | typo3 | 6.2.2 |
| typo3 | typo3 | 6.2.3 |
| typo3 | typo3 | 6.2.4 |
| typo3 | typo3 | 6.2.5 |
| typo3 | typo3 | 6.2.6 |
| typo3 | typo3 | 6.2.7 |
| typo3 | typo3 | 6.2.8 |
| typo3 | typo3 | 6.2.9 |
| typo3 | typo3 | 6.2.10 |
| typo3 | typo3 | 6.2.11 |
| typo3 | typo3 | 6.2.12 |
| typo3 | typo3 | 6.2.13 |
| typo3 | typo3 | 6.2.14 |
| typo3 | typo3 | 7.0.0 |
| typo3 | typo3 | 7.1.0 |
| typo3 | typo3 | 7.2.0 |
| typo3 | typo3 | 7.3.0 |
𝑥
= Vulnerable software versions
Ubuntu Releases
References