CVE-2010-3659 Information

Feb 14, 2021 cve

Description

Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x before 4.1.14 4.2.x before 4.2.13 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified parameters to the extension manager or unspecified parameters to unknown backend forms.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Reference

http://www.openwall.com/lists/oss-security/2010/09/28/8 http://www.openwall.com/lists/oss-security/2014/02/12/8 http://www.securityfocus.com/bid/42029 https://security-tracker.debian.org/tracker/CVE-2010-3659/ https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-012/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

5.4

Share on: