Description

The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to place arbitrary web sites in TYPO3 backend framesets via crafted parameters, related to a "frame hijacking" issue.

Remediation

References

CVE-2009-3630

Related Vulnerabilities

WordPress Plugin Mingle Forum SQL Injection and Security Bypass Vulnerabilities (1.0.26)

Apache HTTP Server Resource Management Errors Vulnerability (CVE-2005-3357)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-7927)

Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-5876)

Squid Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-15811)

Severity

Medium

Classification

CVE-2009-3630

Tags

Missing Update Known Vulnerabilities