CVE-2013-7078

Publication date 19 January 2014

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

Description

Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. NOTE: this might be the same vulnerability as CVE-2013-7072.

Status

Package Ubuntu Release Status
typo3-src 17.04 zesty Not in release
16.10 yakkety Not in release
16.04 LTS xenial Not in release
15.10 wily Not in release
15.04 vivid
Not affected
14.10 utopic
Not affected
14.04 LTS trusty Not in release
13.10 saucy Ignored end of life
13.04 raring
Fixed 4.5.19+dfsg1-5+wheezy2build0.13.04.1
12.10 quantal Ignored end of life
12.04 LTS precise Ignored end of life
10.04 LTS lucid Ignored end of life

References

Other references