Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2718

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-2718
Last Modified 07 Mar 2011 10:09:39
Published 16 Jun 2008 06:41:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2718

Summary

Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, as used in extensions such as (1) direct_mail_subscription, (2) feuser_admin, and (3) kb_md5fepw, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vulnerable Systems

Application

  • Typo3 4.0

  • Typo3 4.0.1

  • Typo3 4.0.2

  • Typo3 4.0.3

  • Typo3 4.0.4

  • Typo3 4.0.5

  • Typo3 4.0.6

  • Typo3 4.0.7

  • Typo3 4.0.8

  • Typo3 4.1

  • Typo3 4.1.1

  • Typo3 4.1.2

  • Typo3 4.1.3

  • Typo3 4.1.4

  • Typo3 4.1.5

  • Typo3 4.1.6

  • Typo3 4.2


References

XF - typo3-feadminlibinc-xss(42986)

VUPEN - ADV-2008-1802

BID - 29657

BUGTRAQ - 20080611 TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core

DEBIAN - DSA-1596

CONFIRM - http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/

SREASON - 3945

SECUNIA - 30660

SECUNIA - 30619


Last Updated: 27 May 2016 10:47:57