Description
The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. NOTE: some details were obtained from third party information.
Remediation
References
Related Vulnerabilities
WordPress Plugin Another WordPress Classifieds Cross-Site Scripting (3.3.1)
OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-0702)
Python Data Processing Errors Vulnerability (CVE-2013-7440)
Chamilo Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-27427)
WordPress Plugin WordPress.com Custom CSS Cross-Site Scripting (1.5)