CVE-2010-5097

EPSS 0.65%

TYPO3 Cross-site scripting (XSS) vulnerability in the click enlarge functionality

發布日:2022/5/17修改日:2024/2/8

描述

Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

受影響套件(1)

Packagist/typo3/cms-frontend>= 4.3.0, < 4.3.9

參考連結(10)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2010-5097
PATCHhttps://github.com/TYPO3-CMS/frontend
WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/64178
WEBhttps://web.archive.org/web/20110201071734/http://secunia.com/advisories/35770
WEBhttps://web.archive.org/web/20111223211753/http://www.securityfocus.com/bid/45470
WEBhttp://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022
WEBhttp://www.openwall.com/lists/oss-security/2011/01/13/2
WEBhttp://www.openwall.com/lists/oss-security/2012/05/10/7
WEBhttp://www.openwall.com/lists/oss-security/2012/05/11/3
WEBhttp://www.openwall.com/lists/oss-security/2012/05/12/5