CVE-2015-8758: XSS
First published: Fri Jan 08 2016(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in unspecified frontend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TYPO3 | =6.2.0-alpha1 | |
| TYPO3 | =6.2.0-alpha2 | |
| TYPO3 | =6.2.0-alpha3 | |
| TYPO3 | =6.2.0-beta1 | |
| TYPO3 | =6.2.0-beta2 | |
| TYPO3 | =6.2.0-beta3 | |
| TYPO3 | =6.2.0-beta4 | |
| TYPO3 | =6.2.0-beta5 | |
| TYPO3 | =6.2.0-beta6 | |
| TYPO3 | =6.2.0-beta7 | |
| TYPO3 | =6.2.0-rc1 | |
| TYPO3 | =6.2.0-rc2 | |
| TYPO3 | =6.2.1 | |
| TYPO3 | =6.2.2 | |
| TYPO3 | =6.2.3 | |
| TYPO3 | =6.2.4 | |
| TYPO3 | =6.2.5 | |
| TYPO3 | =6.2.6 | |
| TYPO3 | =6.2.7 | |
| TYPO3 | =6.2.8 | |
| TYPO3 | =6.2.9 | |
| TYPO3 | =6.2.10 | |
| TYPO3 | =6.2.10-rc1 | |
| TYPO3 | =6.2.11 | |
| TYPO3 | =6.2.12 | |
| TYPO3 | =6.2.13 | |
| TYPO3 | =6.2.14 | |
| TYPO3 | =6.2.15 | |
| TYPO3 | =7.0.0 | |
| TYPO3 | =7.0.1 | |
| TYPO3 | =7.0.2 | |
| TYPO3 | =7.1.0 | |
| TYPO3 | =7.2.0 | |
| TYPO3 | =7.3.0 | |
| TYPO3 | =7.3.1 | |
| TYPO3 | =7.4.0 | |
| TYPO3 | =7.5.0 | |
| TYPO3 | =7.6.0 | |
| TYPO3 | =7.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-8758?
CVE-2015-8758 is classified as a moderate severity cross-site scripting (XSS) vulnerability.
How do I fix CVE-2015-8758?
To resolve CVE-2015-8758, upgrade TYPO3 to version 6.2.16 or 7.6.1 or later.
What types of systems are affected by CVE-2015-8758?
CVE-2015-8758 affects TYPO3 versions 6.2.x prior to 6.2.16 and 7.x prior to 7.6.1.
Who can exploit CVE-2015-8758?
CVE-2015-8758 can be exploited by remote authenticated editors with access to the frontend components of TYPO3.
What are the consequences of CVE-2015-8758?
Exploitation of CVE-2015-8758 can allow attackers to inject arbitrary web scripts or HTML into the affected TYPO3 installations.
- agent/type
- agent/references
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/typo3
- canonical/typo3 typo3
- version/typo3 typo3/6.2.0-alpha1
- version/typo3 typo3/6.2.0-alpha2
- version/typo3 typo3/6.2.0-alpha3
- version/typo3 typo3/6.2.0-beta1
- version/typo3 typo3/6.2.0-beta2
- version/typo3 typo3/6.2.0-beta3
- version/typo3 typo3/6.2.0-beta4
- version/typo3 typo3/6.2.0-beta5
- version/typo3 typo3/6.2.0-beta6
- version/typo3 typo3/6.2.0-beta7
- version/typo3 typo3/6.2.0-rc1
- version/typo3 typo3/6.2.0-rc2
- version/typo3 typo3/6.2.1
- version/typo3 typo3/6.2.2
- version/typo3 typo3/6.2.3
- version/typo3 typo3/6.2.4
- version/typo3 typo3/6.2.5
- version/typo3 typo3/6.2.6
- version/typo3 typo3/6.2.7
- version/typo3 typo3/6.2.8
- version/typo3 typo3/6.2.9
- version/typo3 typo3/6.2.10
- version/typo3 typo3/6.2.10-rc1
- version/typo3 typo3/6.2.11
- version/typo3 typo3/6.2.12
- version/typo3 typo3/6.2.13
- version/typo3 typo3/6.2.14
- version/typo3 typo3/6.2.15
- version/typo3 typo3/7.0.0
- version/typo3 typo3/7.0.1
- version/typo3 typo3/7.0.2
- version/typo3 typo3/7.1.0
- version/typo3 typo3/7.2.0
- version/typo3 typo3/7.3.0
- version/typo3 typo3/7.3.1
- version/typo3 typo3/7.4.0
- version/typo3 typo3/7.5.0
- version/typo3 typo3/7.6.0
- version/typo3 typo3/7.6.1