Vulnerability Database

314,343

Total vulnerabilities in the database

CVE-2015-5956

The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter to show_rechis.php and the (2) redirect_url parameter to index.php.

  • Published: Sep 16, 2015
  • Updated: Nov 9, 2025
  • CVE: CVE-2015-5956
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 3.5
  • AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
typo3 / typo3 6.2.1 6.2.1.x
typo3 / typo3 6.2.8 6.2.8.x
typo3 / typo3 6.2.0-beta1 6.2.0-beta1.x
typo3 / typo3 7.0.0 7.0.0.x
typo3 / typo3 6.2.4 6.2.4.x
typo3 / typo3 6.0.11 6.0.11.x
typo3 / typo3 6.0.1 6.0.1.x
typo3 / typo3 6.1.3 6.1.3.x
typo3 / typo3 6.2.5 6.2.5.x
typo3 / typo3 6.0.10 6.0.10.x
typo3 / typo3 6.2.11 6.2.11.x
typo3 / typo3 6.1.9 6.1.9.x
typo3 / typo3 6.2.14 6.2.14.x
typo3 / typo3 6.1.6 6.1.6.x
typo3 / typo3 6.0.8 6.0.8.x
typo3 / typo3 6.0.3 6.0.3.x
typo3 / typo3 6.1.1 6.1.1.x
typo3 / typo3 6.0.2 6.0.2.x
typo3 / typo3 6.2 6.2.x
typo3 / typo3 6.0 6.0.x
typo3 / typo3 6.1.5 6.1.5.x
typo3 / typo3 7.2.0 7.2.0.x
typo3 / typo3 6.0.13 6.0.13.x
typo3 / typo3 6.2.3 6.2.3.x
typo3 / typo3 - 4.5.40.x
typo3 / typo3 6.2.2 6.2.2.x
typo3 / typo3 6.0.9 6.0.9.x
typo3 / typo3 6.0.6 6.0.6.x
typo3 / typo3 7.3.0 7.3.0.x
typo3 / typo3 6.2.0-beta3 6.2.0-beta3.x
typo3 / typo3 6.1.4 6.1.4.x
typo3 / typo3 6.0.14 6.0.14.x
typo3 / typo3 6.2.12 6.2.12.x
typo3 / typo3 6.1.7 6.1.7.x
typo3 / typo3 7.1.0 7.1.0.x
typo3 / typo3 6.2.6 6.2.6.x
typo3 / typo3 6.0.5 6.0.5.x
typo3 / typo3 6.0.12 6.0.12.x
typo3 / typo3 6.2.13 6.2.13.x
typo3 / typo3 6.1 6.1.x
typo3 / typo3 6.2.9 6.2.9.x
typo3 / typo3 6.2.7 6.2.7.x
typo3 / typo3 6.1.8 6.1.8.x
typo3 / typo3 6.2.10 6.2.10.x
typo3 / typo3 6.0.7 6.0.7.x
typo3 / typo3 6.1.2 6.1.2.x
typo3 / typo3 6.2.0-beta2 6.2.0-beta2.x
typo3 / typo3 6.0.4 6.0.4.x