CVE-2010-3669

Published: Nov 4, 2019Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS and Open Redirection in the frontend login box.

Affected (3)

Products: Typo3: Typo3

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Typo3 Typo3	From 4.2.0 to 4.2.13
Typo3 Typo3	From 4.3.0 to 4.3.4
Typo3 Typo3	From 4.4.0 to 4.4.1

Related CWEs

URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://security-tracker.debian.org/tracker/CVE-2010-3669

Source: cve@mitre.org

Third Party Advisory

https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS

Source: cve@mitre.org

Vendor Advisory

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://security-tracker.debian.org/tracker/CVE-2010-3669

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.