Typo3 Association · Indexed Search Extension · CVE-2006-5069
**Name of the Vulnerable Software and Affected Versions**
Typo3 versions prior to 4.0.2
Indexed Search extension version 2.9.0
**Description**
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. This is achieved by manipulating the search parameter.
**Recommendations**
For Typo3 versions prior to 4.0.2, update to version 4.0.2 or later to resolve the issue.
For Indexed Search extension version 2.9.0, consider disabling the search functionality until a patched version is available.