Bug 881280 (CVE-2014-3943) - VUL-0: CVE-2014-3943: typo3-cms-4_5, typo3-cms-4_7: Multiple cross-site scripting (XSS) vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2014-3943
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other openSUSE 13.1
Priority: P3 - Medium
Severity: Normal
Target Milestone: ---
Assignee: Forgotten User mJouVTf9j4
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/99273/
Reported: 2014-06-04 10:51 UTC by Johannes Segitz
Modified: 2015-02-19 02:17 UTC
Found By: Security Response Team
Description Johannes Segitz 2014-06-04 10:51:28 UTC
Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend
components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before
6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated
editors to inject arbitrary web script or HTML via unknown parameters.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3943
http://www.cvedetails.com/cve/CVE-2014-3943/
Comment 1 Swamp Workflow Management 2014-06-04 22:00:17 UTC
bugbot adjusting priority
Comment 2 Bernhard Wiedemann 2014-06-09 18:00:11 UTC
This is an autogenerated message for OBS integration:
This bug (881280) was mentioned in
https://build.opensuse.org/request/show/236669 12.3 / typo3-cms-4_5
https://build.opensuse.org/request/show/236680 13.1 / typo3-cms-4_5
Comment 3 Forgotten User mJouVTf9j4 2014-06-09 19:21:15 UTC
Fixed with maintenance requests:
- mr#236669
- mr#236680
- mr#236688
- mr#236689
Comment 4 Bernhard Wiedemann 2014-06-09 20:00:15 UTC
This is an autogenerated message for OBS integration:
This bug (881280) was mentioned in
https://build.opensuse.org/request/show/236688 13.1 / typo3-cms-4_7+typo3-cms-4_5
https://build.opensuse.org/request/show/236689 12.3 / typo3-cms-4_7+typo3-cms-4_5
Comment 5 Swamp Workflow Management 2014-06-18 10:04:24 UTC
openSUSE-SU-2014:0813-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 881280,881281,881282
CVE References: CVE-2014-3941,CVE-2014-3942,CVE-2014-3943
Sources used:
openSUSE 13.1 (src):    typo3-cms-4_5-4.5.34-2.4.1
openSUSE 12.3 (src):    typo3-cms-4_5-4.5.34-2.8.1