Search for vulnerabilities
| Vulnerability ID | VCID-cwsm-v895-nqc7 |
| Aliases |
CVE-2015-5956
GHSA-989h-wv8x-933p |
| Summary | TYPO3 cross-site scripting (XSS) The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter to show_rechis.php and the (2) redirect_url parameter to index.php. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 2.7 |
| Risk | 1.4 |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| generic_textual | LOW | http://packetstormsecurity.com/files/133551/Typo3-CMS-6.2.14-4.5.40-Cross-Site-Scripting.html |
| epss | 0.00145 | https://api.first.org/data/v1/epss?cve=CVE-2015-5956 |
| generic_textual | LOW | http://seclists.org/fulldisclosure/2015/Sep/57 |
| generic_textual | LOW | https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2015-5956.yaml |
| generic_textual | LOW | https://nvd.nist.gov/vuln/detail/CVE-2015-5956 |
| generic_textual | LOW | https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-009 |
| generic_textual | LOW | http://www.securityfocus.com/archive/1/536464/100/0/threaded |
| generic_textual | LOW | http://www.securitytracker.com/id/1033551 |
| Percentile | 0.3575 |
| EPSS Score | 0.00145 |
| Published At | June 30, 2025, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2025-07-01T12:27:30.386829+00:00 | GithubOSV Importer | Import | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-989h-wv8x-933p/GHSA-989h-wv8x-933p.json | 36.1.3 |