Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2112

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-2112
Last Modified 28 Aug 2012 12:00:00
Published 27 Aug 2012 05:55:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-2112

Summary

Cross-site scripting (XSS) vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script or HTML via exception messages.

Vulnerable Systems

Application

  • Typo3 4.4.0

  • Typo3 4.4.1

  • Typo3 4.4.10

  • Typo3 4.4.11

  • Typo3 4.4.12

  • Typo3 4.4.13

  • Typo3 4.4.14

  • Typo3 4.4.2

  • Typo3 4.4.3

  • Typo3 4.4.4

  • Typo3 4.4.5

  • Typo3 4.4.6

  • Typo3 4.4.7

  • Typo3 4.4.8

  • Typo3 4.4.9

  • Typo3 4.5.0

  • Typo3 4.5.1

  • Typo3 4.5.10

  • Typo3 4.5.11

  • Typo3 4.5.12

  • Typo3 4.5.13

  • Typo3 4.5.14

  • Typo3 4.5.2

  • Typo3 4.5.3

  • Typo3 4.5.4

  • Typo3 4.5.5

  • Typo3 4.5.6

  • Typo3 4.5.7

  • Typo3 4.5.8

  • Typo3 4.5.9

  • Typo3 4.6.0

  • Typo3 4.6.1

  • Typo3 4.6.2

  • Typo3 4.6.3

  • Typo3 4.6.4

  • Typo3 4.6.5

  • Typo3 4.6.6

  • Typo3 4.6.7

  • Typo3 4.7


References

XF - exceptionhandler-exceptionmessages-xss(74920)

BID - 53047

MLIST - [oss-security] 20120417 Re: CVE-request: TYPO3-CORE-SA-2012-002 XSS in TYPO3 Core

MLIST - [oss-security] 20120417 CVE-request: TYPO3-CORE-SA-2012-002 XSS in TYPO3 Core

DEBIAN - DSA-2455

CONFIRM - http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/

MLIST - [TYPO3-announce] 20120417 Announcing TYPO3 4.4.15, 4.5.15 and 4.6.8

MLIST - [TYPO3-announce] 20120417 Cross-Site Scripting Vulnerability in TYPO3 Core


Last Updated: 27 May 2016 11:00:22