CVE-2023-35783: The ke_search (aka Faceted Search) extension before 4.0.3, 4.1.x through 4.6.x before 4.6.6, and 5.x before 5.0.2 for TYPO3 allows XSS via indexed...

6.3 CVSS

Description

The ke_search (aka Faceted Search) extension before 4.0.3, 4.1.x through 4.6.x before 4.6.6, and 5.x before 5.0.2 for TYPO3 allows XSS via indexed data.

Classification

CVE ID: CVE-2023-35783

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.3

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.06% (probability of being exploited)

EPSS Percentile: 26.17% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://typo3.org/security/advisory/typo3-ext-sa-2023-004

Timeline

2024-12-12 00:30:42 UTC
CVE

The ke_search (aka Faceted Search) extension before 4.0.3, 4.1.x through 4.6.x before 4.6.6, and 5.x before 5.0.2 for TYPO3 allows XSS via indexed...