Web application abuses : TYPO3 'sanitizeLocalUrl' function XSS Vulnerability (SA-2015-009)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.805981

Categoría: Web application abuses

Título: TYPO3 'sanitizeLocalUrl' function XSS Vulnerability (SA-2015-009)

Resumen: TYPO3 is prone to a cross-site scripting (XSS) vulnerability.

Descripción: Summary:
TYPO3 is prone to a cross-site scripting (XSS) vulnerability.

Vulnerability Insight:
The flaw exists as the user input passed
via 'returnUrl' and 'redirect_url' parameters to sanitizeLocalUrl function is
not validated before returning to users.

Vulnerability Impact:
Successful exploitation will allow
remote authenticated attackers to execute arbitrary HTML and script code in
a user's browser session in the context of an affected site.

Affected Software/OS:
TYPO3 versions 6.2.x prior to 6.2.15,
and 7.0.x prior to 7.4.0

Solution:
Update to TYPO3 version 6.2.15 or 7.4.0
or later.

CVSS Score:
3.5

CVSS Vector:
AV:N/AC:M/Au:S/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-5956
Bugtraq: 20150914 [CVE-2015-5956] Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting (Google Search)
http://www.securityfocus.com/archive/1/536464/100/0/threaded
http://seclists.org/fulldisclosure/2015/Sep/57
http://packetstormsecurity.com/files/133551/Typo3-CMS-6.2.14-4.5.40-Cross-Site-Scripting.html
http://www.securitytracker.com/id/1033551

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.805981
Categoría:	Web application abuses
Título:	TYPO3 'sanitizeLocalUrl' function XSS Vulnerability (SA-2015-009)
Resumen:	TYPO3 is prone to a cross-site scripting (XSS) vulnerability.
Descripción:	Summary: TYPO3 is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: The flaw exists as the user input passed via 'returnUrl' and 'redirect_url' parameters to sanitizeLocalUrl function is not validated before returning to users. Vulnerability Impact: Successful exploitation will allow remote authenticated attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Affected Software/OS: TYPO3 versions 6.2.x prior to 6.2.15, and 7.0.x prior to 7.4.0 Solution: Update to TYPO3 version 6.2.15 or 7.4.0 or later. CVSS Score: 3.5 CVSS Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-5956 Bugtraq: 20150914 [CVE-2015-5956] Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting (Google Search) http://www.securityfocus.com/archive/1/536464/100/0/threaded http://seclists.org/fulldisclosure/2015/Sep/57 http://packetstormsecurity.com/files/133551/Typo3-CMS-6.2.14-4.5.40-Cross-Site-Scripting.html http://www.securitytracker.com/id/1033551
Copyright	Copyright (C) 2015 Greenbone AG