Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 4.0.x prior to 4.0.9, 4.1.x prior to 4.1.7, and 4.2.x prior to 4.2.1, as used in extensions such as (1) direct_mail_subscription, (2) feuser_admin, and (3) kb_md5fepw, allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
typo3 typo3 4.0.1 |
||
typo3 typo3 4.0.2 |
||
typo3 typo3 4.1.1 |
||
typo3 typo3 4.1.2 |
||
typo3 typo3 4.0.3 |
||
typo3 typo3 4.0.4 |
||
typo3 typo3 4.1.3 |
||
typo3 typo3 4.1.4 |
||
typo3 typo3 4.0.5 |
||
typo3 typo3 4.0.6 |
||
typo3 typo3 4.1.5 |
||
typo3 typo3 4.1.6 |
||
typo3 typo3 4.0 |
||
typo3 typo3 4.0.7 |
||
typo3 typo3 4.0.8 |
||
typo3 typo3 4.1 |
||
typo3 typo3 4.2 |
Vulmon