CVE-2012-2112: XSS
First published: Mon Aug 27 2012(Updated: )
Cross-site scripting (XSS) vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script or HTML via exception messages.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/typo3/cms | =4.7 | |
| composer/typo3/cms | >=4.6<4.6.8 | 4.6.8 |
| composer/typo3/cms | >=4.5<4.5.15 | 4.5.15 |
| composer/typo3/cms | >=4.4<4.4.15 | 4.4.15 |
| TYPO3 | =4.4.0 | |
| TYPO3 | =4.4.1 | |
| TYPO3 | =4.4.2 | |
| TYPO3 | =4.4.3 | |
| TYPO3 | =4.4.4 | |
| TYPO3 | =4.4.5 | |
| TYPO3 | =4.4.6 | |
| TYPO3 | =4.4.7 | |
| TYPO3 | =4.4.8 | |
| TYPO3 | =4.4.9 | |
| TYPO3 | =4.4.10 | |
| TYPO3 | =4.4.11 | |
| TYPO3 | =4.4.12 | |
| TYPO3 | =4.4.13 | |
| TYPO3 | =4.4.14 | |
| TYPO3 | =4.5.0 | |
| TYPO3 | =4.5.1 | |
| TYPO3 | =4.5.2 | |
| TYPO3 | =4.5.3 | |
| TYPO3 | =4.5.4 | |
| TYPO3 | =4.5.5 | |
| TYPO3 | =4.5.6 | |
| TYPO3 | =4.5.7 | |
| TYPO3 | =4.5.8 | |
| TYPO3 | =4.5.9 | |
| TYPO3 | =4.5.10 | |
| TYPO3 | =4.5.11 | |
| TYPO3 | =4.5.12 | |
| TYPO3 | =4.5.13 | |
| TYPO3 | =4.5.14 | |
| TYPO3 | =4.6.0 | |
| TYPO3 | =4.6.1 | |
| TYPO3 | =4.6.2 | |
| TYPO3 | =4.6.3 | |
| TYPO3 | =4.6.4 | |
| TYPO3 | =4.6.5 | |
| TYPO3 | =4.6.6 | |
| TYPO3 | =4.6.7 | |
| TYPO3 | =4.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nvd.nist.gov/vuln/detail/CVE-2012-2112
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74920
- http://lists.typo3.org/pipermail/typo3-announce/2012/000241.html
- http://lists.typo3.org/pipermail/typo3-announce/2012/000242.html
- http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/
- http://www.debian.org/security/2012/dsa-2455
- http://www.openwall.com/lists/oss-security/2012/04/17/5
- http://www.openwall.com/lists/oss-security/2012/04/18/1
- https://web.archive.org/web/20120421201555/http://www.securityfocus.com/bid/53047
- https://github.com/advisories/GHSA-qfr3-29w6-hwpg (Advisory)
- http://www.securityfocus.com/bid/53047
Frequently Asked Questions
What is the severity of CVE-2012-2112?
CVE-2012-2112 has a medium severity level due to its potential for remote cross-site scripting attacks.
How do I fix CVE-2012-2112?
To fix CVE-2012-2112, upgrade TYPO3 to version 4.4.15, 4.5.15, 4.6.8, or later.
Which versions are affected by CVE-2012-2112?
CVE-2012-2112 affects TYPO3 versions 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7.
What type of vulnerability is CVE-2012-2112?
CVE-2012-2112 is a cross-site scripting (XSS) vulnerability.
What can attackers do with CVE-2012-2112?
Attackers can inject arbitrary web scripts or HTML into the application via exception messages.
- agent/type
- agent/references
- agent/weakness
- agent/author
- agent/severity
- agent/description
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-qfr3-29w6-hwpg
- alias/CVE-2012-2112
- agent/software-canonical-lookup
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/composer
- vendor/typo3
- canonical/typo3 typo3
- version/typo3 typo3/4.4.0
- version/typo3 typo3/4.4.1
- version/typo3 typo3/4.4.2
- version/typo3 typo3/4.4.3
- version/typo3 typo3/4.4.4
- version/typo3 typo3/4.4.5
- version/typo3 typo3/4.4.6
- version/typo3 typo3/4.4.7
- version/typo3 typo3/4.4.8
- version/typo3 typo3/4.4.9
- version/typo3 typo3/4.4.10
- version/typo3 typo3/4.4.11
- version/typo3 typo3/4.4.12
- version/typo3 typo3/4.4.13
- version/typo3 typo3/4.4.14
- version/typo3 typo3/4.5.0
- version/typo3 typo3/4.5.1
- version/typo3 typo3/4.5.2
- version/typo3 typo3/4.5.3
- version/typo3 typo3/4.5.4
- version/typo3 typo3/4.5.5
- version/typo3 typo3/4.5.6
- version/typo3 typo3/4.5.7
- version/typo3 typo3/4.5.8
- version/typo3 typo3/4.5.9
- version/typo3 typo3/4.5.10
- version/typo3 typo3/4.5.11
- version/typo3 typo3/4.5.12
- version/typo3 typo3/4.5.13
- version/typo3 typo3/4.5.14
- version/typo3 typo3/4.6.0
- version/typo3 typo3/4.6.1
- version/typo3 typo3/4.6.2
- version/typo3 typo3/4.6.3
- version/typo3 typo3/4.6.4
- version/typo3 typo3/4.6.5
- version/typo3 typo3/4.6.6
- version/typo3 typo3/4.6.7
- version/typo3 typo3/4.7