Published: 10/10/2014 Updated: 22/10/2014

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and previous versions for TYPO3 allows remote malicious users to inject arbitrary web script or HTML via the tx_dmmjobcontrol_pi1[search][keyword] parameter to jobs/.

Vulnerable Product	Search on Vulmon	Subscribe to Product
kevin renskers dmmjobcontrol

Mogwai Security Advisory MSA-2014-02 ---------------------------------------------------------------------- Title: JobControl (dmmjobcontrol) Multiple Vulnerabilities Product: dmmjobcontrol (Typo3 Extension) Affected versions: 2140 Impact: high Remote: yes Product link: typo3org/exten ...

CWE-79 http://packetstormsecurity.com/files/128446/Typo3-JobControl-2.14.0-Cross-Site-Scripting-SQL-Injection.html http://www.securityfocus.com/bid/70155 https://www.mogwaisecurity.de/advisories/MSA-2014-02.txt http://seclists.org/fulldisclosure/2014/Sep/89 http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-012 https://nvd.nist.gov https://www.exploit-db.com/exploits/34800/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-7200

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect