CVE-2013-7076

Name	CVE-2013-7076
Description	Cross-site scripting (XSS) vulnerability in Extension Manager in TYPO3 4.5.x before 4.5.32 and 4.7.x before 4.7.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Source	CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
References	DSA-2834-1
NVD severity	medium (attack range: remote, user-initiated)
Debian Bugs	731999
Debian/oldstable	not vulnerable.
Debian/stable	not vulnerable.
Debian/testing	not known to be vulnerable.
Debian/unstable	not vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
typo3-src (PTS)	squeeze (security), squeeze	4.3.9+dfsg1-1+squeeze9	fixed
	wheezy	4.5.19+dfsg1-5+wheezy3	fixed
	wheezy (security)	4.5.19+dfsg1-5+wheezy4	fixed
	sid	4.5.40+dfsg1-1	fixed

The information above is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
typo3-src	source	(unstable)	4.5.32+dfsg1-1	medium		731999
typo3-src	source	squeeze	4.3.9+dfsg1-1+squeeze9	medium	DSA-2834-1
typo3-src	source	wheezy	4.5.19+dfsg1-5+wheezy2	medium	DSA-2834-1

https://review.typo3.org/#/c/26181/