CVE-2008-2718
EUVD-2008-271116.06.2008, 22:41
Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, as used in extensions such as (1) direct_mail_subscription, (2) feuser_admin, and (3) kb_md5fepw, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| typo3 | typo3 | 4.0 |
| typo3 | typo3 | 4.0.1 |
| typo3 | typo3 | 4.0.2 |
| typo3 | typo3 | 4.0.3 |
| typo3 | typo3 | 4.0.4 |
| typo3 | typo3 | 4.0.5 |
| typo3 | typo3 | 4.0.6 |
| typo3 | typo3 | 4.0.7 |
| typo3 | typo3 | 4.0.8 |
| typo3 | typo3 | 4.1 |
| typo3 | typo3 | 4.1.1 |
| typo3 | typo3 | 4.1.2 |
| typo3 | typo3 | 4.1.3 |
| typo3 | typo3 | 4.1.4 |
| typo3 | typo3 | 4.1.5 |
| typo3 | typo3 | 4.1.6 |
| typo3 | typo3 | 4.2 |
𝑥
= Vulnerable software versions
Ubuntu Releases
References