CVE-2012-3529 — Typo3 Backend Configuration XSS Vulnerability

Description

The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors.

How to fix CVE-2012-3529

To remediate CVE-2012-3529, upgrade the affected package to a fixed version below.

Packagist/typo3/cms—upgrade to 4.5.19 or later

Is CVE-2012-3529 being exploited?

Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

>= 4.5, < 4.5.19

References (5)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2012-3529
WEBexchange.xforce.ibmcloud.com/vulnerabilities/77793
WEBtypo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004
WEBwww.debian.org/security/2012/dsa-2537