Information Security


CVE: CVE-2015-5956
Status: Candidate
Description: The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter to show_rechis.php and the (2) redirect_url parameter to index.php.
Severity: Low
CVSS score: 3.5
CVSS vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)
Phase: Assigned (06.08.2015)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5956
References: BUGTRAQ : 20150914 [CVE-2015-5956] Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting
 CONFIRM : https://typo3.org/teams/security/security-bulletin...
SecurityVulns: Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod