3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2013-7074

GHSA ID

GHSA-r8m7-792j-5jvq

EPSS Score

0.55749%

CWE

CWE-79

Published

5/17/2022

Updated

8/28/2023

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2013-7074

CVE-2013-7074: TYPO3 Cross-Site Scripting (XSS) vulnerabilities in Content Editing Wizards component

Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.

(GitHub Advisory)

3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2013-7074

GHSA ID

GHSA-r8m7-792j-5jvq

EPSS Score

0.55749%

CWE

CWE-79

Published

5/17/2022

Updated

8/28/2023

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
typo3/cms	composer	>= 4.5.0, <= 4.5.31	4.5.32
typo3/cms	composer	>= 4.7.0, <= 4.7.16	4.7.17
typo3/cms	composer	>= 6.0.0, <= 6.0.11	6.0.12
typo3/cms	composer	>= 6.1.0, <= 6.1.6	6.1.7

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The provided vulnerability information (CVE-2013-7074) describes XSS in TYPO3's Content Editing Wizards due to improper input sanitization in unspecified parameters. However, the available data (advisories, NVD, mailing lists) does not explicitly name specific functions, file paths, or code snippets. The descriptions reference general components (e.g., 'Content Editing Wizards') and note that parameters were not properly encoded, but without commit diffs, patch details, or concrete code examples, identifying exact vulnerable functions with high confidence is impossible. TYPO3's security bulletin TYPO3-CORE-SA-2013-004 likely contains more specifics, but its contents are not fully disclosed in the provided sources.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Multipl* *ross-sit* s*riptin* (XSS) vuln*r**iliti*s in *ont*nt **itin* Wiz*r*s in TYPO* *.*.x ***or* *.*.**, *.*.x ***or* *.*.**, *.*.x ***or* *.*.**, *.*.x ***or* *.*.*, *n* t** **v*lopm*nt v*rsions o* *.* *llow r*mot* *ut**nti**t** us*rs to inj**t

Reasoning

T** provi*** vuln*r**ility in*orm*tion (*V*-****-****) **s*ri**s XSS in TYPO*'s *ont*nt **itin* Wiz*r*s *u* to improp*r input s*nitiz*tion in unsp**i*i** p*r*m*t*rs. *ow*v*r, t** *v*il**l* **t* (**visori*s, NV*, m*ilin* lists) *o*s not *xpli*itly n*m

3

Basic Information

Concerned about an active attack path?

CVE-2013-7074: TYPO3 Cross-Site Scripting (XSS) vulnerabilities in Content Editing Wizards component

3

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI