Summary
This host is installed with TYPO3 and is prone to open redirection vulnerability.
Impact
Successful exploitation will allow remote attackers to conduct phishing attacks.
Impact Level: Application
Solution
Upgrade to TYPO3 version 4.1.14, 4.2.13, 4.3.4, 4.4.1 or later, For updates refer to, http://typo3.org/
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-012
Insight
An error exists in Backend, which fails to sanitize "redirect" parameter properly
Affected
TYPO3 version before 4.1.14 and below, 4.2.0 to 4.2.13, 4.3.0 to 4.3.3 and 4.4.0
Detection
Send a Crafted HTTP GET request and check whether it is able to get sensitive information.
References
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
- Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
- Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
- Annuaire PHP 'sites_inscription.php' Cross Site Scripting Vulnerability
- Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities