PatchSiren cyber security CVE debrief
CVE-2016-4056 Typo3 CVE debrief
CVE-2016-4056 is a cross-site scripting issue in the TYPO3 Backend component. The vulnerability affects TYPO3 6.2.x before 6.2.19 and can let a remote attacker inject arbitrary web script or HTML via the module parameter when creating a bookmark. Because the attack requires user interaction, the main risk is malicious code executing in an authenticated user’s browser session rather than direct server compromise.
- Vendor: Typo3
- Product: CVE-2016-4056
- CVSS: MEDIUM 6.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-01-23
- Original CVE updated: 2026-05-13
- Advisory published: 2017-01-23
- Advisory updated: 2026-05-13
Who should care
Administrators and security teams running TYPO3 6.2.x instances, especially environments where backend users can create or manage bookmarks. Backend users and editors should also care because the issue is triggered through a user-facing workflow.
Technical summary
NVD classifies the weakness as CWE-79 (cross-site scripting) and assigns a CVSS 3.0 vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The vulnerable surface is the backend bookmark creation flow, where the module parameter can be abused to inject script or HTML. The published references identify TYPO3 Core Security Advisory 2016-006 as the vendor fix path and a third-party advisory describing the issue as stored cross-site scripting in TYPO3 bookmarks.
Defensive priority
Medium. The issue is remote and can affect authenticated backend users through normal interaction, but it does not indicate direct availability impact or unauthenticated server takeover. Prioritize it if you still operate TYPO3 6.2.x before 6.2.19 or expose backend access broadly.
Recommended defensive actions
- Upgrade TYPO3 6.2.x installations to 6.2.19 or later, using the vendor advisory as the remediation reference.
- Review backend bookmark-related workflows and limit backend access to trusted users only.
- Apply least-privilege access to TYPO3 backend accounts and remove stale or unnecessary accounts.
- Verify that browser and session security controls are in place for backend users, since the impact is browser-side script execution.
- Check for any suspicious bookmark data or unusual backend activity around the affected module parameter.
- Use the vendor advisory and NVD entry to confirm whether any local hardening or configuration guidance applies to your deployment.
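Two of the checks above, the version test from the technical summary and the bookmark review from the action list, as an added example (not PatchSiren's or TYPO3's own code). It assumes backend bookmarks have been exported as (id, url) pairs; the sample rows and the markup pattern are constructed for illustration.

```python
"""Defender-side checks for CVE-2016-4056 (added example, not vendor code)."""
import html
import re
from urllib.parse import parse_qs, unquote, urlsplit

FIXED_PATCH = 19  # 6.2.19 is the first fixed release named in the debrief

def parse_version(version):
    """Return (major, minor, patch) from strings such as '6.2.18' or '6.2'."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def is_affected(version):
    """True only for TYPO3 6.2.x releases before 6.2.19."""
    major, minor, patch = parse_version(version)
    return (major, minor) == (6, 2) and patch < FIXED_PATCH

# Constructed pattern: tag openers, javascript: URLs and on*= handlers, i.e.
# anything that would render as markup if the value were echoed unescaped.
MARKUP = re.compile(r"<\s*/?\s*[a-z!]|javascript:|\bon\w+\s*=", re.IGNORECASE)

def module_param_suspicious(url):
    """Return the decoded 'module' value if it carries markup, else None."""
    query = urlsplit(url).query
    for value in parse_qs(query, keep_blank_values=True).get("module", []):
        decoded = html.unescape(unquote(value))  # undo double encoding
        if MARKUP.search(decoded):
            return decoded
    return None

def scan_bookmarks(rows):
    """Yield (id, offending value) for every bookmark whose module param looks like markup."""
    return [(row_id, hit) for row_id, url in rows
            if (hit := module_param_suspicious(url)) is not None]

SAMPLE_ROWS = [  # constructed sample export, not real data
    (1, "index.php?M=web_list&module=web_list"),
    (2, "index.php?module=web_list%3Cscript%3Ealert(1)%3C%2Fscript%3E"),
    (3, "index.php?module=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E"),
]

if __name__ == "__main__":
    for ver in ("6.2.18", "6.2.19", "7.6.0"):
        print(ver, "affected" if is_affected(ver) else "not affected")
    for row_id, hit in scan_bookmarks(SAMPLE_ROWS):
        print(f"bookmark {row_id}: suspicious module value {hit!r}")
```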
Evidence notes
The CVE description states that arbitrary web script or HTML can be injected via the module parameter when creating a bookmark in the TYPO3 Backend component. The NVD record lists affected TYPO3 6.2.x versions up to 6.2.18 and points to TYPO3 Core Security Advisory 2016-006 plus a third-party advisory and an oss-security mailing list post dated 2016-04-21. This debrief uses the CVE published date of 2017-01-23 for disclosure timing context; the security discussion referenced by the corpus predates that publication.
Official resources
- CVE-2016-4056 CVE record (CVE.org)
- CVE-2016-4056 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: [email protected] - Mailing List
- Mitigation or vendor reference: [email protected] - Exploit, Technical Description, Third Party Advisory
- Mitigation or vendor reference: [email protected] - Patch, Vendor Advisory
Public security discussion is referenced in the corpus on 2016-04-21, while the CVE was published by NVD on 2017-01-23. Treat the CVE publication date as the disclosure date in this record; the later 2026-05-13 modification is a database update,