
CVE-2013-6289:
Apache Solr for TYPO3 (solr) extension is vulnerable to Cross-site scripting (XSS)

CVSS Score: 4.3

Basic Information

EPSS Score: -
Published: 5/17/2022
Updated: 8/29/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Package Name                 | Ecosystem | Vulnerable Versions | First Patched Version
apache-solr-for-typo3/solr   | composer  | < 2.8.3             | 2.8.3

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The patches show two distinct XSS vectors: 1) facet option rendering, where output was written without HTML escaping, and 2) form parameter persistence, where user input was embedded in HTML without sanitization. Both functions directly handle user-controllable data and were modified to add output encoding (htmlspecialchars) and XSS cleaning. The pre-patch versions of these functions would appear in profiler output when processing malicious payloads.


WAF Protection Rules

WAF Rule

Cross-site scripting (XSS) vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
