WEB APPLICATION VULNERABILITIES Standard & Premium

TYPO3 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2010-3668)

Description

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl.

Remediation

References

Related Vulnerabilities

WordPress Plugin SagePay Server Gateway for WooCommerce Cross-Site Scripting (1.0.8)

MySQL CVE-2012-3173 Vulnerability (CVE-2012-3173)

Ruby Resource Management Errors Vulnerability (CVE-2008-2664)

Mailman Other Vulnerability (CVE-2004-1177)

WordPress Plugin WP Plugin Manager (WPPM) Cross-Site Scripting (1.6.4.b)

Severity

High

Classification

CVE-2010-3668 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities