Multiple cross-site scripting (XSS) vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-3029.
References
| Link | Resource |
|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-20081222-2 | Patch Vendor Advisory |
| http://typo3.org/extensions/repository/view/wec_discussion/1.7.1 | |
| http://secunia.com/advisories/33254 | Vendor Advisory |
| http://www.vupen.com/english/advisories/2008/3502 |
Advertisement
Configurations
Configuration 1 (hide)
| AND |
|
Information
Published : 2009-02-16 09:30
Updated : 2011-03-07 19:15
NVD link : CVE-2008-6144
Mitre link : CVE-2008-6144
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Advertisement
Products Affected
typo3
- wec_discussion_forum
- typo3