CVE-2010-3715 — TYPO3 cross-site scripting (XSS) vulnerability in the RemoveXSS function and the

Description

Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the RemoveXSS function, and allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (2) the backend.

How to fix CVE-2010-3715

To remediate CVE-2010-3715, upgrade the affected package to a fixed version below.

Packagist/typo3/cms-backend—upgrade to 4.2.15 or later

Is CVE-2010-3715 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

>= 4.2.0, < 4.2.15

References (8)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2010-3715
PATCHgithub.com/TYPO3-CMS/backend
WEBgithub.com/TYPO3/typo3/commit/38ec239a35d50746a2f95eef004227acd1932b81
WEBgithub.com/TYPO3/typo3/commit/aba23d6f12775d31acd9b7197d5eeddca09d3574