Voozh

libconnect Extension for Typo3 Vulnerable to XSS

Moderate severity GitHub Reviewed Published to the GitHub Advisory Database • Updated

Package

subhh/libconnect (Composer)

Affected versions

< 7.0.8

>= 8.0.0, < 8.1.0

Patched versions

7.0.8

8.1.0

Description

The libconnect extension before 7.0.8 and 8.x before 8.1.0 for TYPO3 allows XSS.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-33157
https://typo3.org/security/advisory/typo3-ext-sa-2022-010
subhh/libconnect@

Published by the National Vulnerability Database

Published to the GitHub Advisory Database

Reviewed

Last updated

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS score

(39th percentile)

Weaknesses

CVE ID

CVE-2022-33157

GHSA ID

GHSA-c8f2-5h29-8j2h

Source code

No known source code

See something to contribute? Suggest improvements for this vulnerability.

URL: https://github.com/advisories/GHSA-c8f2-5h29-8j2h

⇱ libconnect Extension for Typo3 Vulnerable to XSS · CVE-2022-33157 · GitHub Advisory Database · GitHub