Summary
This host is installed with TYPO3 and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to conduct host spoofing and cross-site scripting attacks.
Impact Level: Application
Solution
Upgrade to TYPO3 version 4.5.34, 4.7.19, 6.0.14, 6.1.9 or 6.2.3 or later. For updates, refer to http://typo3.org
Insight
The flaws are due to:
- Failure to properly validate the HTTP Host header, which makes TYPO3 CMS susceptible to host spoofing.
- Failure to properly encode user input, which makes several backend components susceptible to Cross-Site Scripting and allows authenticated editors to inject arbitrary HTML or JavaScript by crafting URL parameters.
Affected
TYPO3 versions 4.5.0 to 4.5.33, 4.7.0 to 4.7.18, 6.0.0 to 6.0.13, 6.1.0 to 6.1.8 and 6.2.0 to 6.2.2
Detection
Get the installed version with the help of the detect NVT and check whether the version is vulnerable.
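The version check described above can be sketched as follows. This is an added example, not the NVT's own code; the function names and result labels are assumptions, and the branch bounds are taken from the Affected and Solution sections. Patch levels are compared as integers, because a string comparison would rank 4.5.4 above 4.5.34.

```python
import re

# Branch (major, minor) -> first fixed patch level, from the Solution section.
# Every patch level from 0 up to (but excluding) this value is listed as affected.
FIRST_FIXED = {
    (4, 5): 34,
    (4, 7): 19,
    (6, 0): 14,
    (6, 1): 9,
    (6, 2): 3,
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Return (major, minor, patch) as ints, or None if not strictly x.y.z."""
    match = _VERSION_RE.match(text.strip())
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_text):
    """Classify a detected TYPO3 version string (labels are this example's own).

    "vulnerable"  - inside one of the affected ranges
    "fixed"       - same branch, at or above the first fixed release
    "not-listed"  - branch the advisory does not mention; no conclusion drawn
    "unparseable" - not a plain x.y.z version (e.g. truncated or with a suffix)
    """
    version = parse_version(version_text)
    if version is None:
        return "unparseable"
    major, minor, patch = version
    first_fixed = FIRST_FIXED.get((major, minor))
    if first_fixed is None:
        return "not-listed"
    return "vulnerable" if patch < first_fixed else "fixed"


def triage(detected):
    """Map each detected version string to its classification."""
    return {version: classify(version) for version in detected}


if __name__ == "__main__":
    # Constructed sample of detected versions, for illustration only.
    sample = ["4.5.4", "4.5.34", "4.7.18", "6.2.2", "6.2.3", "4.6.10", "6.2"]
    for version, verdict in triage(sample).items():
        print(f"{version:8} {verdict}")
```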
Severity
Classification
- CVE: CVE-2014-3941, CVE-2014-3943
- CVSS Base Score: 5.0
- CVSS Base Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N