CVE-2020-15517: ke_search for Typo3 XSS Vulnerability

CVSS Score: 5.4 (CVSS 3.1)

Basic Information

EPSS Score: 0.43188%
Published: 5/24/2022
Updated: 7/18/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| tpwd/ke_search | composer | >= 3.0.0, <= 3.1.3 | 3.1.4 |
| tpwd/ke_search | composer | <= 2.8.2 | 2.8.3 |

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stems from multiple instances of unescaped output of user-controlled data in HTML contexts. The commit diff shows critical additions of htmlspecialchars() and a new renderIndexingReport method that sanitizes output. Specifically:

  1. printIndexerConfigurations lacked escaping for indexer titles
  2. getIndexedContent had multiple unescaped fields from database records
  3. renderFurtherInformation passed raw content to span elements
  4. startIndexing incorporated raw messages from indexer modules

All these locations handle user/configurable data that could contain XSS payloads, as confirmed by the CWE-79 classification and patch changes.
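
The unescaped-versus-escaped output pattern described above, as an added example that is not the extension's code or its patch. The function names and sample records are hypothetical; only the use of htmlspecialchars() comes from the page.

```php
<?php
declare(strict_types=1);

// Constructed sample records standing in for indexer configurations.
// The second title carries markup, as a stored record field could.
$indexerConfigs = [
    ['uid' => 1, 'title' => 'Pages indexer'],
    ['uid' => 2, 'title' => '<script>alert(1)</script>'],
];

// Unescaped pattern (hypothetical): the title is concatenated into markup as-is.
function renderListUnescaped(array $configs): string
{
    $html = '<ul>';
    foreach ($configs as $config) {
        $html .= '<li>' . $config['title'] . '</li>';
    }
    return $html . '</ul>';
}

// Escaped pattern (hypothetical): each record field is encoded at the point of output.
function renderListEscaped(array $configs): string
{
    $html = '<ul>';
    foreach ($configs as $config) {
        $html .= '<li>'
            . htmlspecialchars((string)$config['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            . '</li>';
    }
    return $html . '</ul>';
}

$rendered = [
    'unescaped' => renderListUnescaped($indexerConfigs),
    'escaped'   => renderListEscaped($indexerConfigs),
];

// Regression-style check: report whether a raw tag from a record survives rendering.
foreach ($rendered as $label => $html) {
    $raw = strpos($html, '<script>') !== false;
    echo $label, ': ', $raw ? 'raw tag reaches the browser' : 'tag is encoded', PHP_EOL;
}
echo $rendered['escaped'], PHP_EOL;
```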
