CVE-2013-7082

{"id": "CVE-2013-7082", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-12-21T00:55:04.613", "references": [{"url": "http://osvdb.org/100825", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/55996", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://typo3.org/teams/security/security-bulletins/typo3-flow/typo3-flow-sa-2013-001", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89614", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/100825", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/55996", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://typo3.org/teams/security/security-bulletins/typo3-flow/typo3-flow-sa-2013-001", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89614", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in TYPO3 Flow (formerly FLOW3) 1.1.x before 1.1.1 and 2.0.x before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message."}, {"lang": "es", "value": "Vulnerabilidad de tipo cross-site scripting (XSS) en el m\u00e9todo errorAction en la clase base ActionController en TYPO3 Flow (anteriormente FLOW3) versiones 1.1.x anteriores a 1.1.1 y versiones 2.0.x anteriores a 2.0.1, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio de una entrada no especificada, que es devuelta en un mensaje de error."}], "lastModified": "2024-11-21T02:00:18.693", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:typo3:flow:1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57AB9E2B-B5D6-4B4A-B259-3531FFDE093A"}, {"criteria": "cpe:2.3:a:typo3:flow:2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAA2C77B-3EA6-41E7-B212-495099C20B0E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}