|
|
Log in / Subscribe / Register

typo3-src: multiple vulnerabilities

Package(s):typo3-src CVE #(s):CVE-2012-1606 CVE-2012-1607 CVE-2012-1608
Created:April 2, 2012 Updated:April 4, 2012
Description: From the Debian advisory:

CVE-2012-1606: Failing to properly HTML-encode user input in several places, the TYPO3 backend is susceptible to Cross-Site Scripting. A valid backend user is required to exploit these vulnerabilities.

CVE-2012-1607: Accessing a CLI Script directly with a browser may disclose the database name used for the TYPO3 installation.

CVE-2012-1608: By not removing non printable characters, the API method t3lib_div::RemoveXSS() fails to filter specially crafted HTML injections, thus is susceptible to Cross-Site Scripting.

Alerts:
Debian DSA-2445-1 typo3-src 2012-03-31
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds