fkie_nvd - fkie_cve-2013-5570

fkie_cve-2013-5570

Vulnerability from fkie_nvd

Published

2013-08-23 15:55

Modified

2025-04-11 00:51

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in the Javascript and CSS Optimizer extension before 1.1.14 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/53253	Vendor Advisory
cve@mitre.org	http://typo3.org/extensions/repository/view/js_css_optimizer	Patch
cve@mitre.org	http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/	Patch, Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/81583
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/53253	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://typo3.org/extensions/repository/view/js_css_optimizer	Patch
af854a3a-2127-422b-91ae-364da2661108	http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/81583

Impacted products

Vendor	Product	Version
axel_jung	js_css_optimizer	*
axel_jung	js_css_optimizer	0.0.1
axel_jung	js_css_optimizer	0.1.0
axel_jung	js_css_optimizer	0.2.0
axel_jung	js_css_optimizer	0.2.1
axel_jung	js_css_optimizer	0.2.2
axel_jung	js_css_optimizer	0.2.3
axel_jung	js_css_optimizer	1.0.0
axel_jung	js_css_optimizer	1.0.1
axel_jung	js_css_optimizer	1.0.2
axel_jung	js_css_optimizer	1.0.3
typo3	typo3	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:axel_jung:js_css_optimizer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD4C330B-9F91-4A57-88A6-8FD9BB7BE6D4",
              "versionEndIncluding": "1.0.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:axel_jung:js_css_optimizer:0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBEAE7DF-81EF-46FD-8D6A-D955ED13E9CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:axel_jung:js_css_optimizer:0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B2E00C4-3C19-4021-B0CB-A4794A6EDB49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:axel_jung:js_css_optimizer:0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A28E8B6-512E-43FA-A0A3-D2E01D3C92AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:axel_jung:js_css_optimizer:0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "189AEB2D-5E51-4328-A62C-9455CE0F4955",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:axel_jung:js_css_optimizer:0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E6ECD81-1072-4BAC-85F1-7522A563902F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:axel_jung:js_css_optimizer:0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EBCE408-C089-4F42-9FED-229FBE6DBB94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:axel_jung:js_css_optimizer:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2D870E4-0BA6-4F9B-B2F1-EC42E85A7795",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:axel_jung:js_css_optimizer:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C08BC8C5-6E6A-40FF-8146-0BFB510943A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:axel_jung:js_css_optimizer:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DBBDDE2-E8CF-4C50-BF39-916C5BB2B4BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:axel_jung:js_css_optimizer:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "86C7A39B-5AFA-4F36-ACB2-B37F9435274F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the Javascript and CSS Optimizer extension before 1.1.14 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad Cross-site scripting (XSS) en la extensi\u00f3n Javascript y CSS Optimizer anterior a v1.1.14 para TYPO3, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2013-5570",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-08-23T15:55:20.610",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/53253"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://typo3.org/extensions/repository/view/js_css_optimizer"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/53253"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://typo3.org/extensions/repository/view/js_css_optimizer"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81583"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2013-5570 (GCVE-0-2013-5570)

Vulnerability from cvelistv5

Published

2013-08-23 15:00