TYPO3 · mback2k mh_httpbl Extension · CVE-2016-15032
**Name of the Vulnerable Software and Affected Versions**
mback2k mh_httpbl Extension versions 1.1.7 and earlier
**Description**
A problematic vulnerability has been found in the mback2k mh_httpbl Extension on TYPO3. It affects the function `stopOutput` in the file `class.tx_mhhttpbl.php`: manipulation of the argument `$_SERVER['REMOTE_ADDR']` leads to cross-site scripting. The attack can be initiated remotely. This issue only affects products that are no longer supported by the maintainer.
**Recommendations**
For versions 1.1.7 and earlier, upgrade to version 1.1.8 to address this issue. As a temporary workaround, consider restricting access to the `stopOutput` function of the `class.tx_mhhttpbl.php` file until the upgrade is applied. Additionally, treat the value of `$_SERVER['REMOTE_ADDR']` with caution wherever it is used, to minimize the risk of exploitation.
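
The class of bug described above, shown as an added example that is not the extension's code or the 1.1.8 patch: a block page that writes the client address into HTML as-is, next to a version that validates and encodes it. The function names, page markup and sample values are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Illustrative unsafe pattern (hypothetical, not the extension's code):
// the address is concatenated into the page without any encoding.
function renderBlockedPageUnsafe(string $remoteAddr): string
{
    return "<p>Access from {$remoteAddr} has been blocked.</p>";
}

// Hardened form: the address is treated as untrusted input.
function renderBlockedPage(string $remoteAddr): string
{
    // Only a syntactically valid IPv4/IPv6 literal is ever echoed back.
    $ip = filter_var($remoteAddr, FILTER_VALIDATE_IP);
    $shown = ($ip === false) ? 'unknown' : $ip;

    // Encode for an HTML text context even after validation, so a later
    // change to the validation step cannot reintroduce markup injection.
    $safe = htmlspecialchars($shown, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return "<p>Access from {$safe} has been blocked.</p>";
}

// Constructed sample inputs: two valid addresses and one value carrying markup.
$samples = ['203.0.113.7', '2001:db8::1', '<b>not-an-ip</b>'];

foreach ($samples as $sample) {
    echo 'unsafe:   ', renderBlockedPageUnsafe($sample), PHP_EOL;
    echo 'hardened: ', renderBlockedPage($sample), PHP_EOL;
}
```

For the third sample the unsafe version emits the `<b>` element verbatim, while the hardened version prints `unknown`.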