[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-2455-1 typo3-src -- missing input sanitization

ID: oval:org.secpod.oval:def:600783Date: (C)2012-04-27   (M)2022-10-10
Class: PATCHFamily: unix




Helmut Hummel of the typo3 security team discovered that typo3, a web content management system, is not properly sanitizing output of the exception handler. This allows an attacker to conduct cross-site scripting attacks if either third-party extensions are installed that do not sanitize this output on their own or in the presence of extensions using the extbase MVC framework which accept objects to controller actions.

Platform:
Debian 6.0
Product:
typo3
Reference:
DSA-2455-1
CVE-2012-2112
CVE    1
CVE-2012-2112
CPE    41
cpe:/a:typo3:typo3:4.5.9
cpe:/a:typo3:typo3:4.4.9
cpe:/a:typo3:typo3:4.5.8
cpe:/a:typo3:typo3:4.6.7
...

© SecPod Technologies