PT-2012-3072 · Typo3 · Beuserswitch Extension
Sebastian Böttger
·
Published
2012-02-14
·
Updated
2017-08-29
·
CVE-2012-1084
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
BE User Switch extension version 0.0.1 for TYPO3
Description
The issue is related to a cross-site scripting (XSS) vulnerability, which allows remote attackers to inject arbitrary web script or HTML. This can be achieved via unspecified vectors, potentially leading to unauthorized access or control over user sessions.
Recommendations
For BE User Switch extension version 0.0.1, consider disabling the extension until a patch is available to prevent exploitation of the XSS vulnerability.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Beuserswitch Extension