VulnerableCode Vulnerability Details - VCID-t7pm-yns8-4ues

Search for vulnerabilities

Vulnerability details: VCID-t7pm-yns8-4ues

Essentials
Severities (10)
References (18)
Severity details (8)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-t7pm-yns8-4ues
Aliases	CVE-2013-7078 GHSA-qj69-chjp-g4f5
Summary	TYPO3 Cross-site scripting (XSS) vulnerability in the Extbase Framework Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. NOTE: this might be the same vulnerability as CVE-2013-7072.
Status	Published
Exploitability	0.5
Weighted Severity	2.7
Risk	1.4
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	LOW	http://osvdb.org/100885
epss	0.00475	https://api.first.org/data/v1/epss?cve=CVE-2013-7078
epss	0.00486	https://api.first.org/data/v1/epss?cve=CVE-2013-7078
generic_textual	LOW	http://seclists.org/oss-sec/2013/q4/473
generic_textual	LOW	http://seclists.org/oss-sec/2013/q4/487
generic_textual	LOW	https://exchange.xforce.ibmcloud.com/vulnerabilities/89629
generic_textual	LOW	https://github.com/TYPO3-CMS/core
generic_textual	LOW	https://nvd.nist.gov/vuln/detail/CVE-2013-7078
generic_textual	LOW	http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004
generic_textual	LOW	http://www.securityfocus.com/bid/64239

Reference id	Reference type	URL
		http://osvdb.org/100885
		https://api.first.org/data/v1/epss?cve=CVE-2013-7078
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7073
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7074
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7075
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7076
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7078
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7079
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7080
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7081
		http://seclists.org/oss-sec/2013/q4/473
		http://seclists.org/oss-sec/2013/q4/487
		https://exchange.xforce.ibmcloud.com/vulnerabilities/89629
		https://github.com/TYPO3-CMS/core
		https://nvd.nist.gov/vuln/detail/CVE-2013-7078
		http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004
		http://www.securityfocus.com/bid/64239
GHSA-qj69-chjp-g4f5		https://github.com/advisories/GHSA-qj69-chjp-g4f5

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.63963
EPSS Score	0.00475
Published At	July 4, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:27:35.665148+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qj69-chjp-g4f5/GHSA-qj69-chjp-g4f5.json	36.1.3