CVE-2015-8759: TYPO3 Cross-site Scripting vulnerability
(updated )
Cross-site scripting (XSS) vulnerability in the typoLink function in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote authenticated editors to inject arbitrary web script or HTML via a link field.
References
- github.com/TYPO3/typo3
- github.com/TYPO3/typo3/commit/25a1473907f0f4b2bb0147c661981940c57a4555
- github.com/TYPO3/typo3/commit/de1755a6dcff9b037c6d5a1fa340ba100aff054a
- github.com/advisories/GHSA-j5v7-9xr5-m7gx
- nvd.nist.gov/vuln/detail/CVE-2015-8759
- typo3.org/security/advisory/typo3-core-sa-2015-012
- web.archive.org/web/20200228051548/http://www.securityfocus.com/bid/79250
Code Behaviors & Features
Detect and mitigate CVE-2015-8759 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →