ID de Prueba:	1.3.6.1.4.1.25623.1.0.806665
Categoría:	Web application abuses
Título:	TYPO3 Multiple Cross-Site Scripting Vulnerabilities (Jan 2016)
Resumen:	TYPO3 is prone to multiple cross-site scripting vulnerabilities.
Descripción:	Summary: TYPO3 is prone to multiple cross-site scripting vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - An error in authorized editors which can insert javascript commands by using the url scheme 'javascript:'. - An error in editor where input passed to editor is not properly encoded. - An error while HTML encode extension data during an extension installation. - An error while encoding user input. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. Affected Software/OS: TYPO3 versions 6.2.x before 6.2.16 and 7.x before 7.6.1 Solution: Upgrade to TYPO3 version 6.2.16 or 7.6.1 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-8759 BugTraq ID: 79250 http://www.securityfocus.com/bid/79250 Common Vulnerability Exposure (CVE) ID: CVE-2015-8758 BugTraq ID: 79240 http://www.securityfocus.com/bid/79240 http://www.securitytracker.com/id/1034484 Common Vulnerability Exposure (CVE) ID: CVE-2015-8757 BugTraq ID: 79254 http://www.securityfocus.com/bid/79254 http://www.securitytracker.com/id/1034482 Common Vulnerability Exposure (CVE) ID: CVE-2015-8755 BugTraq ID: 79236 http://www.securityfocus.com/bid/79236 http://www.securitytracker.com/id/1034483
Copyright	Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.