CVE-2015-8759

Cross-site scripting (XSS) vulnerability in the typoLink function in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote authenticated editors to inject arbitrary web script or HTML via a link field.

Published: Jan 8, 2016
Updated: Apr 13, 2023
CVE: CVE-2015-8759
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
typo3 / typo3	6.2.1	6.2.1.x
typo3 / typo3	6.2.8	6.2.8.x
typo3 / typo3	6.2.0-beta1	6.2.0-beta1.x
typo3 / typo3	7.0.0	7.0.0.x
typo3 / typo3	7.6.0	7.6.0.x
typo3 / typo3	6.2.4	6.2.4.x
typo3 / typo3	7.0.2	7.0.2.x
typo3 / typo3	6.2.5	6.2.5.x
typo3 / typo3	6.2.11	6.2.11.x
typo3 / typo3	6.2.15	6.2.15.x
typo3 / typo3	7.4.0	7.4.0.x
typo3 / typo3	6.2.14	6.2.14.x
typo3 / typo3	7.3.1	7.3.1.x
typo3 / typo3	7.5.0	7.5.0.x
typo3 / typo3	6.2	6.2.x
typo3 / typo3	7.2.0	7.2.0.x
typo3 / typo3	6.2.3	6.2.3.x
typo3 / typo3	6.2.2	6.2.2.x
typo3 / typo3	6.2.0-beta6	6.2.0-beta6.x
typo3 / typo3	6.2.0-alpha2	6.2.0-alpha2.x
typo3 / typo3	7.3.0	7.3.0.x
typo3 / typo3	6.2.0-beta7	6.2.0-beta7.x
typo3 / typo3	6.2.0-rc2	6.2.0-rc2.x
typo3 / typo3	6.2.0-beta3	6.2.0-beta3.x
typo3 / typo3	6.2.0-alpha1	6.2.0-alpha1.x
typo3 / typo3	6.2.0-beta5	6.2.0-beta5.x
typo3 / typo3	6.2.12	6.2.12.x
typo3 / typo3	7.1.0	7.1.0.x
typo3 / typo3	6.2.10-rc1	6.2.10-rc1.x
typo3 / typo3	6.2.6	6.2.6.x
typo3 / typo3	6.2.13	6.2.13.x
typo3 / typo3	6.2.9	6.2.9.x
typo3 / typo3	6.2.0-beta4	6.2.0-beta4.x
typo3 / typo3	6.2.7	6.2.7.x
typo3 / typo3	6.2.0-rc1	6.2.0-rc1.x
typo3 / typo3	7.6.1	7.6.1.x
typo3 / typo3	6.2.10	6.2.10.x
typo3 / typo3	6.2.0-alpha3	6.2.0-alpha3.x
typo3 / typo3	6.2.0-beta2	6.2.0-beta2.x

Vulnerability Database

290,206

CVE-2015-8759