TYPO3 Indexed Search Cross Site Scripting Vulnerability Network Vulnerability

Summary

This host is installed with TYPO3 and is prone to cross site scripting vlnerability.

Impact

Successful exploitation will allow remote attackers to steal the victim's cookie-based authentication credentials. Impact Level: Application

Solution

Upgrade to TYPO3 version 4.0.2 or later, or apply the patch mentioned in the below link http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-20060911-1

Insight

An error exists in the indexed search extension which fails to properly validate user supplied input

Affected

TYPO3 version before 4.0.2

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://osvdb.org/29173
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-20060911-1
http://xforce.iss.net/xforce/xfdb/29128

Updated on 2015-03-25

Severity

Classification

CVE CVE-2006-5069
CVSS Base Score: 2.6
AV:N/AC:H/Au:N/C:N/I:P/A:N

Related Vulnerabilities

IBM WebSphere Application Server SIP Logging Information Disclosure Vulnerability
Alpha Networks ADSL2/2+ Wireless Router version ASL-26555 Password Information Disclosure Vulnerability
DIRB (NASL wrapper)
phpMyFAQ 'index.php' Cross Site Scripting Vulnerability
DD-WRT '/Info.live.htm' Multiple Information Disclosure Vulnerabilities

Take action and discover your vulnerabilities