CVE-2008-4903

Name of the Vulnerable Software and Affected Versions Typo versions 5.1.3 and earlier

Description A cross-site scripting (XSS) issue exists in the leave comment feature, allowing remote attackers to inject arbitrary web script or HTML via the comment[author] and comment[url] parameters. This could potentially lead to malicious actions on the affected system.

Recommendations For Typo versions 5.1.3 and earlier, consider disabling the leave comment feature until a fix is available. Restrict access to the comment[author] and comment[url] parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.