SecuritySpace - CVE-2013-7078

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2013-7078

Description: Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. NOTE: this might be the same vulnerability as CVE-2013-7072.

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2013-7078
BugTraq ID: 64239
http://www.securityfocus.com/bid/64239
http://seclists.org/oss-sec/2013/q4/473
http://seclists.org/oss-sec/2013/q4/487
http://osvdb.org/100885
XForce ISS Database: extbase-actioncontroller-xss(89629)
https://exchange.xforce.ibmcloud.com/vulnerabilities/89629

CVE ID:	CVE-2013-7078
Description:	Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. NOTE: this might be the same vulnerability as CVE-2013-7072.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2013-7078 BugTraq ID: 64239 http://www.securityfocus.com/bid/64239 http://seclists.org/oss-sec/2013/q4/473 http://seclists.org/oss-sec/2013/q4/487 http://osvdb.org/100885 XForce ISS Database: extbase-actioncontroller-xss(89629) https://exchange.xforce.ibmcloud.com/vulnerabilities/89629