TYPO3 Indexed Search Cross Site Scripting Vulnerability Network Vulnerability

Summary

This host is installed with TYPO3 and is prone to cross site scripting vlnerability.

Impact

Successful exploitation will allow remote attackers to steal the victim's cookie-based authentication credentials. Impact Level: Application

Solution

Upgrade to TYPO3 version 4.0.2 or later, or apply the patch mentioned in the below link http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-20060911-1

Insight

An error exists in the indexed search extension which fails to properly validate user supplied input

Affected

TYPO3 version before 4.0.2

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://osvdb.org/29173
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-20060911-1
http://xforce.iss.net/xforce/xfdb/29128

Updated on 2015-03-25

Severity

Classification

CVE CVE-2006-5069

CVSS	Base Score: 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Novatel Wireless MiFi 2352 Password Information Disclosure Vulnerability
Mailman Detection
ASUS RT-N56U Wireless Router 'QIS_wizard.htm' Password Information Disclosure Vulnerability
NewsPortal 'post.php' Cross Site Scripting Vulnerability
CgiMail.exe vulnerability

Take action and discover your vulnerabilities