CVE-2013-7077: XSS
First published: Sat Dec 21 2013(Updated: )
Cross-site scripting (XSS) vulnerability in the Backend User Administration Module in TYPO3 6.0.x before 6.0.12 and 6.1.x before 6.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/typo3/cms-core | >=6.1<6.1.7 | 6.1.7 |
| composer/typo3/cms-core | >=6.0<6.0.12 | 6.0.12 |
| TYPO3 | =6.0 | |
| TYPO3 | =6.0.1 | |
| TYPO3 | =6.0.2 | |
| TYPO3 | =6.0.3 | |
| TYPO3 | =6.0.4 | |
| TYPO3 | =6.0.5 | |
| TYPO3 | =6.0.6 | |
| TYPO3 | =6.0.7 | |
| TYPO3 | =6.0.8 | |
| TYPO3 | =6.0.9 | |
| TYPO3 | =6.0.10 | |
| TYPO3 | =6.0.11 | |
| TYPO3 | =6.1 | |
| TYPO3 | =6.1.1 | |
| TYPO3 | =6.1.2 | |
| TYPO3 | =6.1.3 | |
| TYPO3 | =6.1.4 | |
| TYPO3 | =6.1.5 | |
| TYPO3 | =6.1.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nvd.nist.gov/vuln/detail/CVE-2013-7077
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89626
- http://osvdb.org/100884
- http://seclists.org/oss-sec/2013/q4/473
- http://seclists.org/oss-sec/2013/q4/487
- http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004
- https://github.com/advisories/GHSA-5cmc-r23m-hvrr (Advisory)
Frequently Asked Questions
What is the severity of CVE-2013-7077?
CVE-2013-7077 has a medium severity rating due to its potential impact on user data and security.
How do I fix CVE-2013-7077?
To fix CVE-2013-7077, upgrade TYPO3 to version 6.0.12 or later for 6.0.x and to version 6.1.7 or later for 6.1.x.
What are the affected versions of TYPO3 for CVE-2013-7077?
CVE-2013-7077 affects TYPO3 versions before 6.0.12 and 6.1.7 across multiple 6.0.x and 6.1.x releases.
Can CVE-2013-7077 allow remote attacks?
Yes, CVE-2013-7077 allows remote attackers to inject arbitrary web scripts or HTML, leading to cross-site scripting (XSS) attacks.
What module is vulnerable in CVE-2013-7077?
The Backend User Administration Module in TYPO3 is the component that contains the vulnerability described in CVE-2013-7077.
- collector/github-advisory-latest
- alias/GHSA-5cmc-r23m-hvrr
- alias/CVE-2013-7077
- collector/github-advisory
- agent/author
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/severity
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-cve
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/composer
- vendor/typo3
- canonical/typo3 typo3
- version/typo3 typo3/6.0
- version/typo3 typo3/6.0.1
- version/typo3 typo3/6.0.2
- version/typo3 typo3/6.0.3
- version/typo3 typo3/6.0.4
- version/typo3 typo3/6.0.5
- version/typo3 typo3/6.0.6
- version/typo3 typo3/6.0.7
- version/typo3 typo3/6.0.8
- version/typo3 typo3/6.0.9
- version/typo3 typo3/6.0.10
- version/typo3 typo3/6.0.11
- version/typo3 typo3/6.1
- version/typo3 typo3/6.1.1
- version/typo3 typo3/6.1.2
- version/typo3 typo3/6.1.3
- version/typo3 typo3/6.1.4
- version/typo3 typo3/6.1.5
- version/typo3 typo3/6.1.6