CVE-2015-5956

The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter to show_rechis.php and the (2) redirect_url parameter to index.php.

Published Bycve@mitre.org

Published DateSep 16, 2015, 14:59

Affected Versions(3)

typo3/cms(Packagist)

Introduced6.0

Fixed6.2.15

LimitN/A

typo3/cms(Packagist)

Introduced7.0

Fixed7.4.0

LimitN/A

typo3/cms(Packagist)

Introduced4.0

FixedN/A

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
typo3/cms(Packagist)	6.0	6.2.15	N/A
typo3/cms(Packagist)	7.0	7.4.0	N/A
typo3/cms(Packagist)	4.0	N/A	N/A

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

3.5

Vector String

AV:N/AC:M/Au:S/C:N/I:P/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

NONE

Integrity (I)

PARTIAL

Availability (A)

NONE

References

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

3.5

Vector String

AV:N/AC:M/Au:S/C:N/I:P/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

NONE

Integrity (I)

PARTIAL

Availability (A)

NONE