CVE-2015-8756: TYPO3 CMS indexed search Cross-site Scripting vulnerability
(updated )
Cross-site scripting (XSS) vulnerability in the search result view in the Indexed Search (indexed_search) component in TYPO3 6.2.x before 6.2.16 allows remote authenticated editors to inject arbitrary web script or HTML via unspecified vectors.
References
- github.com/TYPO3-CMS/indexed_search
- github.com/TYPO3/typo3/commit/7e4bdf48988191043a65880c72190c4130c1f0e0
- github.com/advisories/GHSA-xx7m-8rq2-cw2v
- nvd.nist.gov/vuln/detail/CVE-2015-8756
- typo3.org/security/advisory/typo3-core-sa-2015-015
- web.archive.org/web/20160624215319/http://www.securitytracker.com/id/1034486
Code Behaviors & Features
Detect and mitigate CVE-2015-8756 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →