CVE-2014-3943

NameCVE-2014-3943
DescriptionMultiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary web script or HTML via unknown parameters.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-2942-1
NVD severitylow (attack range: remote)
Debian Bugs749215

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
typo3-srcsource(unstable)4.5.34+dfsg1-1low749215
typo3-srcsourcesqueeze(unfixed)end-of-life
typo3-srcsourcewheezy4.5.19+dfsg1-5+wheezy3lowDSA-2942-1

Notes

[squeeze] - typo3-src <end-of-life> (Unsupported in squeeze-lts)

Search for package or bug name: Reporting problems