CVE-2021-43561

{"id": "CVE-2021-43561", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2021-11-10T15:15:12.390", "references": [{"url": "https://typo3.org/security/advisory/typo3-ext-sa-2021-015", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://typo3.org/security/advisory/typo3-ext-sa-2021-015", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "An XSS issue was discovered in the google_for_jobs (aka Google for Jobs) extension before 1.5.1 and 2.x before 2.1.1 for TYPO3. The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability."}, {"lang": "es", "value": "Se ha detectado un problema de tipo XSS en la extensi\u00f3n google_for_jobs (tambi\u00e9n se conoce como Google for Jobs) versiones anteriores a 1.5.1 y versiones 2.x anteriores a 2.1.1 para TYPO3. La extensi\u00f3n no codifica correctamente la entrada del usuario para la salida en el contexto HTML. Es requerida una cuenta de usuario del backend de TYPO3 para explotar la vulnerabilidad"}], "lastModified": "2024-11-21T06:29:26.440", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pega-sus:google_for_jobs:*:*:*:*:*:typo3:*:*", "vulnerable": true, "matchCriteriaId": "7806A1EA-E173-4F51-8435-5C52C47A13CE", "versionEndExcluding": "1.5.1"}, {"criteria": "cpe:2.3:a:pega-sus:google_for_jobs:*:*:*:*:*:typo3:*:*", "vulnerable": true, "matchCriteriaId": "449D1624-8373-474B-8FB5-162C0AEA3C06", "versionEndExcluding": "2.1.1", "versionStartIncluding": "2.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}