VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-nnxd-zjsh-wqbp

Essentials
Severities (13)
References (7)
Severity details (13)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-nnxd-zjsh-wqbp
Aliases	GHSA-wp8j-c736-c5r3
Summary	TYPO3 Cross-Site Scripting Vulnerability Exploitable by Editors It has been discovered that link tags generated by typolink functionality in the website's frontend are vulnerable to cross-site scripting - values being assigned to HTML attributes have not been parsed correctly. A valid backend user account is needed to exploit this vulnerability. As second and separate vulnerability in the filelist module of the backend user interface has been referenced with this advisory as well. Error messages being shown after using a malicious name for renaming a file are not propery encoded, thus vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-wp8j-c736-c5r3
cvssv3.1	5.4	https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-07-01-3.yaml
generic_textual	MODERATE	https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-07-01-3.yaml
cvssv3.1	5.4	https://github.com/TYPO3/typo3
generic_textual	MODERATE	https://github.com/TYPO3/typo3
cvssv3.1	5.4	https://github.com/TYPO3/typo3/commit/7695d91fca1a96a3a3e7466097ae92c32b1130d8
generic_textual	MODERATE	https://github.com/TYPO3/typo3/commit/7695d91fca1a96a3a3e7466097ae92c32b1130d8
cvssv3.1	5.4	https://github.com/TYPO3/typo3/commit/d7feb40c8d277c6b6ab3a548313be1e1a2084299
generic_textual	MODERATE	https://github.com/TYPO3/typo3/commit/d7feb40c8d277c6b6ab3a548313be1e1a2084299
cvssv3.1	5.4	https://typo3.org/security/advisory/typo3-core-sa-2015-004
generic_textual	MODERATE	https://typo3.org/security/advisory/typo3-core-sa-2015-004
cvssv3.1	5.4	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-004
generic_textual	MODERATE	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-004

Reference id	Reference type	URL
		https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-07-01-3.yaml
		https://github.com/TYPO3/typo3
		https://github.com/TYPO3/typo3/commit/7695d91fca1a96a3a3e7466097ae92c32b1130d8
		https://github.com/TYPO3/typo3/commit/d7feb40c8d277c6b6ab3a548313be1e1a2084299
		https://typo3.org/security/advisory/typo3-core-sa-2015-004
		https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-004
GHSA-wp8j-c736-c5r3		https://github.com/advisories/GHSA-wp8j-c736-c5r3

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-07-01-3.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/TYPO3/typo3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/TYPO3/typo3/commit/7695d91fca1a96a3a3e7466097ae92c32b1130d8

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/TYPO3/typo3/commit/d7feb40c8d277c6b6ab3a548313be1e1a2084299

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://typo3.org/security/advisory/typo3-core-sa-2015-004

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-004

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:11:34.977660+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-wp8j-c736-c5r3/GHSA-wp8j-c736-c5r3.json	36.1.3