Description

Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. NOTE: this might be the same vulnerability as CVE-2013-7072.

Remediation

References

CVE-2013-7078

Related Vulnerabilities

Family Connections Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2010-3419)

WordPress Plugin Easy Social Feed-Social Photos Gallery-Post Feed-Like Box Security Bypass (6.3.3)

Python Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2022-48566)

WordPress Plugin Contact Form by WD-responsive drag & drop contact form builder tool Cross-Site Scripting (1.7.18)

Craft CMS Missing Encryption of Sensitive Data Vulnerability (CVE-2018-20465)

Severity

Low

Classification

CVE-2013-7078 CWE-707

Tags

Missing Update Known Vulnerabilities