Vulnerability Database

296,621

Total vulnerabilities in the database

CVE-2013-7082

Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in TYPO3 Flow (formerly FLOW3) 1.1.x before 1.1.1 and 2.0.x before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message.

  • Published: Dec 21, 2013
  • Updated: Apr 13, 2023
  • CVE: CVE-2013-7082
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
Composer icon typo3 / flow 2.0.0 2.0.0.x
Composer icon typo3 / flow 1.1.0 1.1.0.x