Published: 25/10/2010 Updated: 27/10/2010

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x prior to 4.2.15, 4.3.x prior to 4.3.7, and 4.4.x prior to 4.4.4 allow remote malicious users to inject arbitrary web script or HTML via vectors related to (1) the RemoveXSS function, and allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (2) the backend.

Vulnerable Product	Search on Vulmon	Subscribe to Product
typo3 typo3 4.2.4
typo3 typo3 4.2.10
typo3 typo3 4.2.11
typo3 typo3 4.2.12
typo3 typo3 4.2.9
typo3 typo3 4.2.2
typo3 typo3 4.2.14
typo3 typo3 4.3.1
typo3 typo3 4.3.6
typo3 typo3 4.4.1
typo3 typo3 4.4.3
typo3 typo3 4.2.3
typo3 typo3 4.2.5
typo3 typo3 4.2.6
typo3 typo3 4.2.7
typo3 typo3 4.2.8
typo3 typo3 4.3.2
typo3 typo3 4.3.3
typo3 typo3 4.3.4
typo3 typo3 4.3.5
typo3 typo3 4.2.0
typo3 typo3 4.2.1
typo3 typo3 4.2.13
typo3 typo3 4.3.0
typo3 typo3 4.4
typo3 typo3 4.4.2

Several remote vulnerabilities have been discovered in TYPO3 The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3714 Multiple remote file disclosure vulnerabilities in the jumpUrl mechanism and the Extension Manager allowed attackers to read files with the privileges of the account under which the web ...

CWE-79 http://www.securityfocus.com/bid/43786 http://www.debian.org/security/2010/dsa-2121 http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/https://nvd.nist.gov https://www.debian.org/security/./dsa-2121

CVE-2010-3715

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect