Add CVE-2020-11065 for GHSA-4j77-gg36-9864

2025-08-04 08:44:25 +00:00 · 2020-05-13 17:59:31 -05:00 · 2020-05-13 17:59:31 -05:00 · 2fdd242969
commit 2fdd242969
parent dc3de397fa
1 changed files with 74 additions and 6 deletions
--- a/2020/11xxx/CVE-2020-11065.json
+++ b/2020/11xxx/CVE-2020-11065.json
@ -1,18 +1,86 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2020-11065",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Cross-Site Scripting in TYPO3 CMS"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "TYPO3 CMS",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": ">= 9.5.12, < 9.5.17"
+                                        },
+                                        {
+                                            "version_value": ">= 10.2.0, < 10.4.2"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "TYPO3"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and greater than or equal to 10.2.0 and less than 10.4.2, it has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting; properties being assigned as HTML attributes have not been parsed correctly.\n\nThis has been fixed in 9.5.17 and 10.4.2."
            }
        ]
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "NONE",
+            "baseScore": 5.4,
+            "baseSeverity": "MEDIUM",
+            "confidentialityImpact": "LOW",
+            "integrityImpact": "LOW",
+            "privilegesRequired": "LOW",
+            "scope": "CHANGED",
+            "userInteraction": "REQUIRED",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4j77-gg36-9864",
+                "refsource": "CONFIRM",
+                "url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4j77-gg36-9864"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "GHSA-4j77-gg36-9864",
+        "discovery": "UNKNOWN"
    }
 }