PT-2010-5629 · Typo3 · Typo3
Gregor Kopf
·
Published
1970-01-01
·
Updated
2022-05-17
·
CVE-2010-3715
CVSS v2.0
7.1
High
| Vector | AV:N/AC:M/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
TYPO3 versions 4.2.x through 4.2.14
TYPO3 versions 4.3.x through 4.3.6
TYPO3 versions 4.4.x through 4.4.3
Description
The issue allows remote attackers to inject arbitrary web script or HTML via vectors related to the RemoveXSS function, and allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the backend. This can lead to a breach of protected information. The exploitation of the vulnerabilities can be carried out remotely.
Recommendations
For versions 4.2.x through 4.2.14, update to version 4.2.15 or later.
For versions 4.3.x through 4.3.6, update to version 4.3.7 or later.
For versions 4.4.x through 4.4.3, update to version 4.4.4 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Typo3