N/A

Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. NOTE: this might be the same vulnerability as CVE-2013-7072.

N/A

N/A

TYPO3 Extbase‘errorAction’方法跨站脚本漏洞

TYPO3是瑞士TYPO3协会维护的一套免费开源的内容管理系统(框架)(CMS/CMF)。 TYPO3中的Extbase Framework的ActionController基类中的errorAction方法中存在跨站脚本漏洞。当使用Rewritten Property Mapper时，远程攻击者可利用该漏洞注入任意Web脚本或HTML。以下版本受到影响：TYPO3 4.5.0至4.5.31版本，4.7.0至4.7.16版本，6.0.0至6.0.11版本，6.1.0至6.1.6版本。

N/A

N/A