Search for vulnerabilities
| Vulnerability ID | VCID-2n43-4bxg-t3g2 |
| Aliases |
CVE-2012-6147
GHSA-qmmw-ch2q-j6xx |
| Summary | Typo3 Backend API XSS Vulnerability Cross-site scripting (XSS) vulnerability in the tree render API (TCA-Tree) in the Backend API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 2.7 |
| Risk | 1.4 |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| epss | 0.00196 | https://api.first.org/data/v1/epss?cve=CVE-2012-6147 |
| epss | 0.00196 | https://api.first.org/data/v1/epss?cve=CVE-2012-6147 |
| generic_textual | LOW | https://exchange.xforce.ibmcloud.com/vulnerabilities/79967 |
| generic_textual | LOW | https://github.com/TYPO3/typo3 |
| generic_textual | LOW | https://nvd.nist.gov/vuln/detail/CVE-2012-6147 |
| generic_textual | LOW | http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005 |
| generic_textual | LOW | http://www.openwall.com/lists/oss-security/2013/06/19/4 |
| Percentile | 0.4202 |
| EPSS Score | 0.00196 |
| Published At | June 30, 2025, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2025-07-01T12:28:05.696889+00:00 | GithubOSV Importer | Import | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qmmw-ch2q-j6xx/GHSA-qmmw-ch2q-j6xx.json | 36.1.3 |