Vigil@nce - TYPO3 Core: six vulnerabilities
February 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of TYPO3 Core.
Impacted products: TYPO3 Core.
Severity: 2/4.
Creation date: 15/12/2015.
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in TYPO3 Core.
An attacker can trigger a Cross Site Scripting in Extension
Manager, in order to run JavaScript code in the context of the web
site. [severity:2/4; CVE-2015-8757, TYPO3-CORE-SA-2015-010]
An attacker can trigger a Cross Site Scripting in TYPO3 Backend,
in order to run JavaScript code in the context of the web site.
[severity:2/4; CVE-2015-8755, TYPO3-CORE-SA-2015-011]
An attacker can trigger a Cross Site Scripting in Typolinks, in
order to run JavaScript code in the context of the web site.
[severity:2/4; CVE-2015-8759, TYPO3-CORE-SA-2015-012]
An attacker can trigger a Cross Site Scripting in Frontend, in
order to run JavaScript code in the context of the web site.
[severity:2/4; CVE-2015-8758, TYPO3-CORE-SA-2015-013]
An attacker can trigger a Cross Site Flashing, in order to run
Flash (Action Script) code in the context of the web site.
[severity:2/4; CVE-2015-8760, TYPO3-CORE-SA-2015-014]
An attacker can trigger a Cross Site Scripting in Indexed Search,
in order to run JavaScript code in the context of the web site.
[severity:2/4; CVE-2015-8756, TYPO3-CORE-SA-2015-015]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/TYPO3-Core-six-vulnerabilities-18525