Candidate: CVE-2013-7078
PublicDate: 2014-01-19 18:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7078
 http://www.openwall.com/lists/oss-security/2013/12/12
Description:
 Cross-site scripting (XSS) vulnerability in the errorAction method in the
 ActionController base class in the Extbase Framework in TYPO3 4.5.0 through
 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through
 6.1.6, when the Rewritten Property Mapper is enabled, allows remote
 attackers to inject arbitrary web script or HTML via unspecified input,
 which is returned in an error message.  NOTE: this might be the same
 vulnerability as CVE-2013-7072.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731999
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_typo3-src:
upstream_typo3-src: released (4.5.32+dfsg1-1)
lucid_typo3-src: ignored (reached end-of-life)
precise_typo3-src: ignored (reached end-of-life)
precise/esm_typo3-src: DNE (precise was needed)
quantal_typo3-src: ignored (reached end-of-life)
raring_typo3-src: released (4.5.19+dfsg1-5+wheezy2build0.13.04.1)
saucy_typo3-src: ignored (reached end-of-life)
trusty_typo3-src: not-affected (4.5.32+dfsg1-1)
trusty/esm_typo3-src: DNE (trusty was not-affected [4.5.32+dfsg1-1])
utopic_typo3-src: not-affected (4.5.32+dfsg1-1)
vivid_typo3-src: not-affected (4.5.32+dfsg1-1)
vivid/stable-phone-overlay_typo3-src: DNE
vivid/ubuntu-core_typo3-src: DNE
wily_typo3-src: DNE
xenial_typo3-src: DNE
yakkety_typo3-src: DNE
zesty_typo3-src: DNE
devel_typo3-src: DNE