WEB APPLICATION VULNERABILITIES Standard & Premium

TYPO3 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2010-3668)

Description

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl.

Remediation

References

Related Vulnerabilities

Moodle Improper Access Control Vulnerability (CVE-2016-2159)

osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-7196)

SharePoint CVE-2021-34517 Vulnerability (CVE-2021-34517)

WordPress Plugin Multiple Page Generator-MPG Cross-Site Request Forgery (3.3.9)

WordPress Plugin Tabs-Responsive Tabs with WooCommerce Product Tab Extension Security Bypass (3.5.4)

Severity

High

Classification

CVE-2010-3668 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities