Summary
This host is installed with TYPO3 and is prone to cross site scripting vlnerability.
Impact
Successful exploitation will allow remote attackers to steal the victim's cookie-based authentication credentials.
Impact Level: Application
Solution
Upgrade to TYPO3 version 4.0.2 or later, or apply the patch mentioned in the below link
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-20060911-1
Insight
An error exists in the indexed search extension which fails to properly validate user supplied input
Affected
TYPO3 version before 4.0.2
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2006-5069 -
CVSS Base Score: 2.6
AV:N/AC:H/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- ASUS RT-N56U Wireless Router 'QIS_wizard.htm' Password Information Disclosure Vulnerability
- Axis Commerce HTML Injection Vulnerability
- Bugzilla 'Install/Filesystem.pm' Information Disclosure Vulnerability
- IBM WebSphere Application Server SIP Logging Information Disclosure Vulnerability
- Manx Multiple Cross Site Scripting and Directory Traversal Vulnerabilities