CVE-2015-8755 — Typo3 XSS Vulnerability

Description

Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors.

How to fix CVE-2015-8755

To remediate CVE-2015-8755, upgrade the affected package to a fixed version below.

Packagist/typo3/cms—upgrade to 6.2.16 or later

Is CVE-2015-8755 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

>= 6.2, < 6.2.16

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.4	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References (4)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2015-8755
WEBweb.archive.org/web/20160621193435/http://www.securityfocus.com/bid/79236
WEBweb.archive.org/web/20161012163838/http://www.securitytracker.com/id/1034483
WEBtypo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011