This host is installed with TYPO3 and is prone to multiple vulnerabilities.

Successful exploitation will allow remote attackers to steal the victim's cookie-based authentication credentials or get sensitive information. Impact Level: Application

Upgrade to TYPO3 version 4.5.19, 4.6.12, 4.7.4 or later, For updates refer to, http://typo3.org/

Multiple error exists in the application, - An error exist in backend help system, which misses a signature (HMAC) for a parameter in the view_help.php file. - An error exist in the application, which fails to HTML-encode user input in several places - An error exist in typo3 backend, which exposes Encryption Key when configuration module is accessed. - An error exist in API method t3lib_div::RemoveXSS(), which fails to filter specially crafted HTML injections. - An error exist in Install Tool, which fails to sanitize user input properly.

TYPO3 version 4.5.0 up to 4.5.18, 4.6.0 up to 4.6.11, 4.7.0 up to 4.7.3

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

• http://osvdb.org/84771
• http://secunia.com/advisories/50287/
• http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004

---

Updated on 2015-03-25