Posted by Ahrens, Julien on Sep 15
secunet Security Networks AG Security Advisory
Advisory: Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting
1. DETAILS
———-
Product: Typo3 CMS
Vendor URL: typo3.org
Type: Cross-site Scripting[CWE-79]
Date found: 2015-07-30
Date published: 2015-09-14
CVSSv2 Score: 3,5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)
CVE: CVE-2015-5956
2. AFFECTED VERSIONS
——————–
Typo3 6.2.14 and…