CVE-2010-5097
EPSS 0.65%TYPO3 Cross-site scripting (XSS) vulnerability in the click enlarge functionality
Published: 5/17/2022Modified: 2/8/2024
Also known as:GHSA-9hw3-4gvp-8mv5
Description
Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected packages (1)
- Packagist/typo3/cms-frontend>= 4.3.0, < 4.3.9
References (10)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2010-5097
- PATCHhttps://github.com/TYPO3-CMS/frontend
- WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/64178
- WEBhttps://web.archive.org/web/20110201071734/http://secunia.com/advisories/35770
- WEBhttps://web.archive.org/web/20111223211753/http://www.securityfocus.com/bid/45470
- WEBhttp://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022
- WEBhttp://www.openwall.com/lists/oss-security/2011/01/13/2
- WEBhttp://www.openwall.com/lists/oss-security/2012/05/10/7
- WEBhttp://www.openwall.com/lists/oss-security/2012/05/11/3
- WEBhttp://www.openwall.com/lists/oss-security/2012/05/12/5