CVE-2017-5962

Name of the Vulnerable Software and Affected Versions contexts wurfl (for TYPO3) versions prior to 0.4.2

Description The issue is caused by insufficient filtration of user-supplied data in the force ua HTTP GET parameter passed to the "/contexts wurfl/Library/wurfl-dbapi-1.4.4.0/check wurfl.php" API endpoint. This allows an attacker to execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Recommendations For versions prior to 0.4.2, update to version 0.4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/contexts wurfl/Library/wurfl-dbapi-1.4.4.0/check wurfl.php" API endpoint to minimize the risk of exploitation. Avoid using the force ua parameter in the affected API endpoint until the issue is resolved.