TYPO3 EXTENTION 'caddy' - Cross-Site Scripting (XSS)
Procuct: TYPO3 Caddy
Vunlerable Version: 7.2.7 and probably prior
Tested Version: 7.2.7
Author: Haojun Hou in ADLab of Venustech
Haojun Hou in ADLab of Venustech discovered a Cross-Site Scripting (XSS) in TYPO3 extention “caddy”, which can be exploited to add,modify or delete information in application`s database and gain complete control over the application.
paymillToken = ><script>alert(1);</script><
Could you please help me assign a CVE for this issue?
#1 Updated by Dirk Wildt over 2 years ago
- Due date set to 2017-01-16
- Status changed from New to Resolved
- Assignee set to Dirk Wildt
- Priority changed from Should have to Must have
- % Done changed from 0 to 100
- Estimated time set to 0.50 h
Dear haojun hou,
Thanks for the report. I fixed the security bug and published Caddy 7.2.10 in the TER.
The affected code is third party code. I send your post to the developers.