Auto-merge PR#3839

2025-06-21 05:40:25 +00:00 · 2020-05-13 19:05:18 -04:00 · 2020-05-13 19:05:18 -04:00 · e82d82cae5
commit e82d82cae5
parent 9f8aeb54e6 2fdd242969
1 changed files with 74 additions and 6 deletions
--- a/2020/11xxx/CVE-2020-11065.json
+++ b/2020/11xxx/CVE-2020-11065.json
@ -1,18 +1,86 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2020-11065",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Cross-Site Scripting in TYPO3 CMS"
    },
-    "description": {
-        "description_data": [
+    "affects": {
+        "vendor": {
+            "vendor_data": [
                {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "TYPO3 CMS",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": ">= 9.5.12, < 9.5.17"
+                                        },
+                                        {
+                                            "version_value": ">= 10.2.0, < 10.4.2"
                                        }
                                    ]
                                }
                            }
+                        ]
+                    },
+                    "vendor_name": "TYPO3"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and greater than or equal to 10.2.0 and less than 10.4.2, it has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting; properties being assigned as HTML attributes have not been parsed correctly.\n\nThis has been fixed in 9.5.17 and 10.4.2."
+            }
+        ]
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "NONE",
+            "baseScore": 5.4,
+            "baseSeverity": "MEDIUM",
+            "confidentialityImpact": "LOW",
+            "integrityImpact": "LOW",
+            "privilegesRequired": "LOW",
+            "scope": "CHANGED",
+            "userInteraction": "REQUIRED",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4j77-gg36-9864",
+                "refsource": "CONFIRM",
+                "url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4j77-gg36-9864"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "GHSA-4j77-gg36-9864",
+        "discovery": "UNKNOWN"
+    }
+}