
CVE-2011-4632: Typo3 XSS Vulnerabilities

CVSS Score: 5.4 (CVSS 3.1)

Basic Information

EPSS Score: 0.41874%
Published: 4/22/2022
Updated: 1/12/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| typo3/cms | composer | < 4.3.12 | 4.3.12 |
| typo3/cms | composer | >= 4.4.0, < 4.4.9 | 4.4.9 |
| typo3/cms | composer | >= 4.5.0, < 4.5.4 | 4.5.4 |

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stems from improper sanitization of user-controlled input (page titles) in tcemain flash messages. The DataHandler (t3lib_tcemain.php) processes backend operations like copy/move, which includes unsanitized page titles in flash messages. These messages are then rendered without escaping in the backend via FlashMessageQueue. While the exact method for message construction isn't specified, process_cmdmap is central to command execution, and addMessage handles message storage. The high confidence for process_cmdmap comes from its role in handling the vulnerable operation flow, while addMessage has medium confidence due to potential sanitization occurring earlier in the chain.
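
The pattern this analysis describes, shown as an added PHP illustration that is not TYPO3's code and not taken from the advisory. The class DemoFlashQueue, its methods, the message wording and the sample title are all hypothetical stand-ins.

```php
<?php
// Added illustration, not TYPO3 source. All names here are hypothetical.

/** Minimal stand-in for a backend flash message queue. */
final class DemoFlashQueue
{
    /** @var string[] */
    private array $messages = [];

    public function add(string $message): void
    {
        $this->messages[] = $message;
    }

    /** Vulnerable pattern: stored text is emitted as HTML verbatim. */
    public function renderRaw(): string
    {
        return implode("\n", array_map(
            static fn (string $m): string => '<div class="message">' . $m . '</div>',
            $this->messages
        ));
    }

    /** Hardened pattern: each message is encoded for the HTML context at output. */
    public function renderEscaped(): string
    {
        return implode("\n", array_map(
            static fn (string $m): string => '<div class="message">'
                . htmlspecialchars($m, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</div>',
            $this->messages
        ));
    }
}

// Constructed sample: a page title set by a backend user (PR:L in the CVSS vector).
$pageTitle = 'News <script>alert(document.domain)</script>';

$queue = new DemoFlashQueue();
// The copy/move handler builds its status text from the user-controlled title.
$queue->add(sprintf('Page "%s" was copied.', $pageTitle));

echo "raw:     ", $queue->renderRaw(), "\n";     // markup from the title reaches the browser intact
echo "escaped: ", $queue->renderEscaped(), "\n"; // the same title is displayed as inert text
```

Encoding at render time keeps the stored title unchanged and protects every message regardless of which handler queued it.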

WAF Protection Rules

WAF Rule

Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message.
