Cross-site Scripting Vulnerability in TYPO3 User Registration Extension
CVE-2008-2274

Currently unrated

Key Information:

Vendor: Typo3
Status: Sr Feuser Register Extension
Vendor: CVE Published:; 16 May 2008

What is CVE-2008-2274?

The sr_feuser_register extension for TYPO3 contains a Cross-site Scripting (XSS) vulnerability that enables remote attackers to inject arbitrary web scripts or HTML into pages viewed by users. This issue arises due to insufficient validation of user-supplied inputs, impacting versions ranging from 1.4.0 to 2.5.9. Attackers can exploit this flaw to execute malicious scripts in the context of the affected user's session, facilitating phishing and other malicious activities.

References

http://secunia.com/advisories/30275

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/29239

vdb-entryx_refsource_BID

http://typo3.org/teams/security/security-bulletins/typo3-...

x_refsource_CONFIRM

Timeline

Vulnerability published
May 16, 2008
Vulnerability Reserved
May 16, 2008

Typo3

What is CVE-2008-2274?

References

Timeline