Typo3 v4.x: XSS in extension "Indexed Search" v2.9.0

Risk: Low
Local: No
Remote: Yes

CVSS Base Score: 2.6/10
Impact Subscore: 2.9/10
Exploitability Subscore: 4.9/10
Exploit range: Remote
Attack complexity: High
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 There's a XSS issue in the 'Indexed search' extension 2.9.0 for Typo3. This extension is part of a default Typo3 4.0.x installlation. Typo3 4.0.2 fixes it. http://typo3.org/teams/security/security-bulletins/typo3-20060911-1/ Credits go to Mr. Ekkehard Gümbel (discovery) and Mr. Ingmar Schlecht (patch). This is rather old, dating back to september 11th. Unfortunately Typo3 advisories rarely end up here. http://typo3.org/teams/security/security-bulletins/ Moritz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFFF7qMn6GkvSd/BgwRAoNkAJ0aT/fKl7juL2J/BMu/R6agJqxykwCdGqc8 Mufef7E2mYQKUgFibpnoKbs= =CWLZ -----END PGP SIGNATURE-----

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com


Back to Top