Miggo Logo

CVE-2013-7077:
TYPO3 Cross-site scripting (XSS) vulnerability in the Backend User Administration Module

4.3

CVSS Score

Basic Information

EPSS Score
0.55309%
Published
5/17/2022
Updated
8/28/2023
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
typo3/cms-corecomposer>= 6.0, < 6.0.126.0.12
typo3/cms-corecomposer>= 6.1, < 6.1.76.1.7

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from improper input sanitization in the Backend User Administration Module. While exact code details are unavailable, TYPO3's architecture suggests backend user management logic resides in UserAdministrationController and related utilities. The CVE description explicitly cites XSS via unspecified vectors, implying functions handling user input/output in this module lack proper encoding. The 'medium' confidence reflects inferred patterns (TYPO3 backend structure and CWE-79 context) rather than direct code analysis. Patch notes for 6.0.12/6.1.7 would likely modify these areas to add escaping.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*ross-sit* s*riptin* (XSS) vuln*r**ility in t** ***k*n* Us*r **ministr*tion Mo*ul* in TYPO* *.*.x ***or* *.*.** *n* *.*.x ***or* *.*.* *llows r*mot* *tt**k*rs to inj**t *r*itr*ry w** s*ript or *TML vi* unsp**i*i** v**tors.

Reasoning

T** vuln*r**ility st*ms *rom improp*r input s*nitiz*tion in t** ***k*n* Us*r **ministr*tion Mo*ul*. W*il* *x**t *o** **t*ils *r* un*v*il**l*, TYPO*'s *r**it**tur* su***sts ***k*n* us*r m*n***m*nt lo*i* r*si**s in `Us*r**ministr*tion*ontroll*r` *n* r*