Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-3758

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2014-3758
Last Modified 31 Jul 2015 09:45:06
Published 16 May 2014 10:55:05
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-3758

Summary

Cross-site scripting (XSS) vulnerability in the BibTex Publications (si_bibtex) extension 0.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via vectors related to the import functionality.

Vulnerable Systems

Application

  • Karlen Walter Si Bibtex 0.2.3


References

MISC - https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140430-0_Typo3_si_bibtex_extension_SQL_injection_and_XSS_vulnerabilities_v10.txt

BUGTRAQ - 20140430 SEC Consult SA-20140430-0 :: SQL injection and persistent XSS in the Typo3 3rd party extension si_bibtex

BID - 67145


Last Updated: 27 May 2016 11:05:18