CVE-2013-7077: TYPO3 Cross-site scripting (XSS) vulnerability in the Backend User Administration Module
CVSS Score: 4.3
Basic Information
CVE ID
GHSA ID
EPSS Score: 0.55309%
CWE
Published: 5/17/2022
Updated: 8/28/2023
KEV Status: No
Technology: PHP
Technical Details
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
typo3/cms-core | composer | >= 6.0, < 6.0.12 | 6.0.12 |
typo3/cms-core | composer | >= 6.1, < 6.1.7 | 6.1.7 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from improper input sanitization in the Backend User Administration Module. While exact code details are unavailable, TYPO3's architecture suggests backend user management logic resides in `UserAdministrationController` and related utilities. The CVE description explicitly cites XSS via unspecified vectors, implying functions handling user input/output in this module lack proper encoding. The 'medium' confidence reflects inferred patterns (TYPO3 backend structure and CWE-79 context) rather than direct code analysis. Patch notes for 6.0.12/6.1.7 would likely modify these areas to add escaping.