Description

Cross-site scripting (XSS) vulnerability in the Frontend Login Box (aka felogin) subcomponent in TYPO3 4.2.0 through 4.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Remediation

References

CVE-2009-3634

Related Vulnerabilities

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Arbitrary File Upload (2.0.21)

WordPress Plugin WP24 Domain Check Cross-Site Scripting (1.6.2)

WordPress Plugin PromoBar by BestWebSoft Cross-Site Scripting (1.1.0)

PleskLin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-1557)

WordPress Plugin MStore API-Create Native Android & iOS Apps On The Cloud Arbitrary File Upload (3.4.4)

Severity

Medium

Classification

CVE-2009-3634 CWE-707

Tags

Missing Update Known Vulnerabilities