Search for vulnerabilities
Vulnerability details: VCID-txd8-gfvy-1kb1
Vulnerability ID VCID-txd8-gfvy-1kb1
Aliases CVE-2013-7074
GHSA-r8m7-792j-5jvq
Summary TYPO3 Cross-Site Scripting (XSS) vulnerabilities in Content Editing Wizards component Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.
Status Published
Exploitability 0.5
Weighted Severity 2.7
Risk 1.4
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1 3.0 http://osvdb.org/100881
generic_textual LOW http://osvdb.org/100881
epss 0.00335 https://api.first.org/data/v1/epss?cve=CVE-2013-7074
epss 0.00335 https://api.first.org/data/v1/epss?cve=CVE-2013-7074
cvssv3.1 3.0 http://seclists.org/oss-sec/2013/q4/473
generic_textual LOW http://seclists.org/oss-sec/2013/q4/473
cvssv3.1 3.0 http://seclists.org/oss-sec/2013/q4/487
generic_textual LOW http://seclists.org/oss-sec/2013/q4/487
cvssv3.1 3.0 https://exchange.xforce.ibmcloud.com/vulnerabilities/89620
generic_textual LOW https://exchange.xforce.ibmcloud.com/vulnerabilities/89620
cvssv3.1 3.0 https://github.com/TYPO3/typo3
generic_textual LOW https://github.com/TYPO3/typo3
cvssv3.1 3.0 https://nvd.nist.gov/vuln/detail/CVE-2013-7074
generic_textual LOW https://nvd.nist.gov/vuln/detail/CVE-2013-7074
cvssv3.1 3.0 http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004
generic_textual LOW http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004
cvssv3.1 3.0 http://www.debian.org/security/2014/dsa-2834
generic_textual LOW http://www.debian.org/security/2014/dsa-2834
cvssv3.1 3.0 http://www.securityfocus.com/bid/64245
generic_textual LOW http://www.securityfocus.com/bid/64245
Reference id Reference type URL
http://osvdb.org/100881
https://api.first.org/data/v1/epss?cve=CVE-2013-7074
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7073
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7074
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7075
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7076
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7078
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7079
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7080
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7081
http://seclists.org/oss-sec/2013/q4/473
http://seclists.org/oss-sec/2013/q4/487
https://exchange.xforce.ibmcloud.com/vulnerabilities/89620
https://github.com/TYPO3/typo3
https://nvd.nist.gov/vuln/detail/CVE-2013-7074
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004
http://www.debian.org/security/2014/dsa-2834
http://www.securityfocus.com/bid/64245
GHSA-r8m7-792j-5jvq https://github.com/advisories/GHSA-r8m7-792j-5jvq
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N Found at http://osvdb.org/100881
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N Found at http://seclists.org/oss-sec/2013/q4/473
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N Found at http://seclists.org/oss-sec/2013/q4/487
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N Found at https://exchange.xforce.ibmcloud.com/vulnerabilities/89620
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N Found at https://github.com/TYPO3/typo3
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2013-7074
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N Found at http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N Found at http://www.debian.org/security/2014/dsa-2834
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N Found at http://www.securityfocus.com/bid/64245
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.55666
EPSS Score 0.00335
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:30:29.093417+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-r8m7-792j-5jvq/GHSA-r8m7-792j-5jvq.json 36.1.3