Wiz
Vulnerability DatabaseGHSA-hq37-rfjc-mr8h

GHSA-hq37-rfjc-mr8h
PHP vulnerability analysis and mitigation

Overview

A Cross-Site Scripting (XSS) vulnerability was discovered in the TYPO3 Backend, specifically affecting the page module. The vulnerability was identified on July 13, 2016, and officially disclosed on September 13, 2016. It affects TYPO3 CMS versions 6.2.0 to 6.2.26, 7.6.0 to 7.6.10, and 8.0.0 to 8.3.0. The security issue was discovered and reported by Security Team Member Georg Ringer (TYPO3 Advisory).

Technical details

The vulnerability stems from improper encoding of user input in the page module of TYPO3's backend system. The severity is classified as Moderate with a suggested CVSS v2.0 score of AV:N/AC:L/Au:S/C:P/I:P/A:N/E:F/RL:O/RC:C. The vulnerability is categorized as CWE-79 (Cross-Site Scripting) (GitHub Advisory).

Impact

The vulnerability allows for Cross-Site Scripting attacks through the TYPO3 Backend. However, the impact is somewhat limited as exploitation requires a valid backend user account with specific permissions to edit plugins (TYPO3 Advisory).

Mitigation and workarounds

The vulnerability has been patched in TYPO3 versions 6.2.27, 7.6.11, and 8.3.1. Users are advised to update to these patched versions to mitigate the vulnerability (TYPO3 Advisory).

Additional resources

SourceThis report was generated using AI

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues

Cloud threat landscape

Cloud threat landscape

A comprehensive threat intelligence database of cloud security incidents, actors, tools and techniques

PEACH

PEACH

A step-by-step framework for modeling and improving SaaS and PaaS tenant isolation

Get a personalized demo

Ready to see Wiz in action?

“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo