CVE-2012-6146
Typo3 Backend History Module Vulnerable to XSS
EPSS 0.18%
Description
The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL.
How to fix CVE-2012-6146
To remediate CVE-2012-6146, upgrade the affected package to a fixed version below.
- Packagist/typo3/cms—upgrade to 4.5.21 or later
Is CVE-2012-6146 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 4.5, < 4.5.21