Back to search
CVE-2013-7078
Published: Jan 19, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. NOTE: this might be the same vulnerability as CVE-2013-7072.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[oss-security] 20131212 Re: CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001
mailing-list
x_refsource_MLIST
[oss-security] 20131211 CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001
mailing-list
x_refsource_MLIST
64239
vdb-entry
x_refsource_BID
extbase-actioncontroller-xss(89629)
vdb-entry
x_refsource_XF
100885
vdb-entry
x_refsource_OSVDB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now