VYPR
← All advisories
Medium severity6.1NVD Advisory· Published Feb 12, 2017· Updated May 13, 2026

CVE-2017-5963

CVE-2017-5963

Description

An issue was discovered in caddy (for TYPO3) before 7.2.10. The vulnerability exists due to insufficient filtration of user-supplied data in the "paymillToken" HTTP POST parameter passed to the "caddy/Resources/Public/JavaScript/e-payment/paymill/api/php/payment.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Affected products

22
  • Caddy Project/Caddy22 versions
    cpe:2.3:a:caddy_project:caddy:2.1.4:alpha:*:*:*:typo3:*:*+ 21 more
    • cpe:2.3:a:caddy_project:caddy:2.1.4:alpha:*:*:*:typo3:*:*
    • cpe:2.3:a:caddy_project:caddy:2.1.5:alpha:*:*:*:typo3:*:*
    • cpe:2.3:a:caddy_project:caddy:2.1.6:alpha:*:*:*:typo3:*:*
    • cpe:2.3:a:caddy_project:caddy:3.0.0:alpha:*:*:*:typo3:*:*
    • cpe:2.3:a:caddy_project:caddy:4.0.0:alpha:*:*:*:typo3:*:*
    • cpe:2.3:a:caddy_project:caddy:4.0.12:alpha:*:*:*:typo3:*:*
    • cpe:2.3:a:caddy_project:caddy:4.0.1:alpha:*:*:*:typo3:*:*
    • cpe:2.3:a:caddy_project:caddy:4.0.2:alpha:*:*:*:typo3:*:*
    • cpe:2.3:a:caddy_project:caddy:4.0.3:alpha:*:*:*:typo3:*:*
    • cpe:2.3:a:caddy_project:caddy:6.0.12:beta:*:*:*:typo3:*:*
    • cpe:2.3:a:caddy_project:caddy:6.0.14:beta:*:*:*:typo3:*:*
    • cpe:2.3:a:caddy_project:caddy:6.0.1:alpha:*:*:*:typo3:*:*
    • cpe:2.3:a:caddy_project:caddy:6.0.2:alpha:*:*:*:typo3:*:*
    • cpe:2.3:a:caddy_project:caddy:6.0.9:alpha:*:*:*:typo3:*:*
    • cpe:2.3:a:caddy_project:caddy:6.1.0:beta:*:*:*:typo3:*:*
    • cpe:2.3:a:caddy_project:caddy:6.2.1:beta:*:*:*:typo3:*:*
    • cpe:2.3:a:caddy_project:caddy:6.3.0:beta:*:*:*:typo3:*:*
    • cpe:2.3:a:caddy_project:caddy:6.3.1:beta:*:*:*:typo3:*:*
    • cpe:2.3:a:caddy_project:caddy:6.3.3:beta:*:*:*:typo3:*:*
    • cpe:2.3:a:caddy_project:caddy:7.0.0:beta:*:*:*:typo3:*:*
    • cpe:2.3:a:caddy_project:caddy:7.1.0:beta:*:*:*:typo3:*:*
    • cpe:2.3:a:caddy_project:caddy:7.2.7:beta:*:*:*:typo3:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.