CVE-2015-8755: XSS
First published: Fri Jan 08 2016(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/typo3/cms | >=7.0<7.6.1 | 7.6.1 |
| composer/typo3/cms | >=6.2<6.2.16 | 6.2.16 |
| TYPO3 | =6.2.0 | |
| TYPO3 | =6.2.0-alpha1 | |
| TYPO3 | =6.2.0-alpha2 | |
| TYPO3 | =6.2.0-alpha3 | |
| TYPO3 | =6.2.0-beta1 | |
| TYPO3 | =6.2.0-beta2 | |
| TYPO3 | =6.2.0-beta3 | |
| TYPO3 | =6.2.0-beta4 | |
| TYPO3 | =6.2.0-beta5 | |
| TYPO3 | =6.2.0-beta6 | |
| TYPO3 | =6.2.0-beta7 | |
| TYPO3 | =6.2.0-rc1 | |
| TYPO3 | =6.2.0-rc2 | |
| TYPO3 | =6.2.1 | |
| TYPO3 | =6.2.2 | |
| TYPO3 | =6.2.3 | |
| TYPO3 | =6.2.4 | |
| TYPO3 | =6.2.5 | |
| TYPO3 | =6.2.6 | |
| TYPO3 | =6.2.7 | |
| TYPO3 | =6.2.8 | |
| TYPO3 | =6.2.9 | |
| TYPO3 | =6.2.10 | |
| TYPO3 | =6.2.10-rc1 | |
| TYPO3 | =6.2.11 | |
| TYPO3 | =6.2.12 | |
| TYPO3 | =6.2.13 | |
| TYPO3 | =6.2.14 | |
| TYPO3 | =6.2.15 | |
| TYPO3 | =7.0.0 | |
| TYPO3 | =7.0.2 | |
| TYPO3 | =7.1.0 | |
| TYPO3 | =7.2.0 | |
| TYPO3 | =7.3.0 | |
| TYPO3 | =7.3.1 | |
| TYPO3 | =7.4.0 | |
| TYPO3 | =7.5.0 | |
| TYPO3 | =7.6.0 | |
| TYPO3 | =7.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nvd.nist.gov/vuln/detail/CVE-2015-8755
- http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011/
- https://web.archive.org/web/20160621193435/http://www.securityfocus.com/bid/79236
- https://web.archive.org/web/20161012163838/http://www.securitytracker.com/id/1034483
- https://github.com/advisories/GHSA-56f9-5563-m2h7 (Advisory)
- http://www.securityfocus.com/bid/79236
- http://www.securitytracker.com/id/1034483
Frequently Asked Questions
What is the severity of CVE-2015-8755?
CVE-2015-8755 is classified as a high severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2015-8755?
To fix CVE-2015-8755, upgrade TYPO3 to version 6.2.16 or 7.6.1, as these versions contain the necessary patches.
Who is affected by CVE-2015-8755?
CVE-2015-8755 affects remote authenticated editors using TYPO3 versions 6.2.x prior to 6.2.16 and 7.x prior to 7.6.1.
What types of attacks can CVE-2015-8755 enable?
CVE-2015-8755 can enable remote authenticated attackers to inject arbitrary web scripts or HTML due to its cross-site scripting vulnerabilities.
Is my TYPO3 installation vulnerable to CVE-2015-8755?
If you are using TYPO3 versions 6.2.x before 6.2.16 or 7.x before 7.6.1, your installation is vulnerable to CVE-2015-8755.
- collector/github-advisory
- alias/GHSA-56f9-5563-m2h7
- alias/CVE-2015-8755
- collector/github-advisory-latest
- agent/author
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/composer
- vendor/typo3
- canonical/typo3 typo3
- version/typo3 typo3/6.2.0
- version/typo3 typo3/6.2.0-alpha1
- version/typo3 typo3/6.2.0-alpha2
- version/typo3 typo3/6.2.0-alpha3
- version/typo3 typo3/6.2.0-beta1
- version/typo3 typo3/6.2.0-beta2
- version/typo3 typo3/6.2.0-beta3
- version/typo3 typo3/6.2.0-beta4
- version/typo3 typo3/6.2.0-beta5
- version/typo3 typo3/6.2.0-beta6
- version/typo3 typo3/6.2.0-beta7
- version/typo3 typo3/6.2.0-rc1
- version/typo3 typo3/6.2.0-rc2
- version/typo3 typo3/6.2.1
- version/typo3 typo3/6.2.2
- version/typo3 typo3/6.2.3
- version/typo3 typo3/6.2.4
- version/typo3 typo3/6.2.5
- version/typo3 typo3/6.2.6
- version/typo3 typo3/6.2.7
- version/typo3 typo3/6.2.8
- version/typo3 typo3/6.2.9
- version/typo3 typo3/6.2.10
- version/typo3 typo3/6.2.10-rc1
- version/typo3 typo3/6.2.11
- version/typo3 typo3/6.2.12
- version/typo3 typo3/6.2.13
- version/typo3 typo3/6.2.14
- version/typo3 typo3/6.2.15
- version/typo3 typo3/7.0.0
- version/typo3 typo3/7.0.2
- version/typo3 typo3/7.1.0
- version/typo3 typo3/7.2.0
- version/typo3 typo3/7.3.0
- version/typo3 typo3/7.3.1
- version/typo3 typo3/7.4.0
- version/typo3 typo3/7.5.0
- version/typo3 typo3/7.6.0
- version/typo3 typo3/7.6.1