Cross-Site Scripting Vulnerability in TYPO3 WEC Discussion Forum Extension
CVE-2008-3029

Currently unrated

Key Information:

Vendor: Typo3
Status: Wec Discussion Forum
Vendor: CVE Published:; 7 July 2008

What is CVE-2008-3029?

The WEC Discussion Forum extension for TYPO3, up to version 1.6.2, contains a cross-site scripting vulnerability. This flaw allows remote attackers to inject arbitrary web scripts or HTML code, which could lead to unauthorized actions being performed on behalf of users. The exploitation of this vulnerability can undermine the security of the affected web application, potentially compromising user data and system integrity. It is crucial for administrators to review the security advisory and implement recommended patches.

References

http://typo3.org/teams/security/security-bulletins/typo3-...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/30026

vdb-entryx_refsource_BID

http://secunia.com/advisories/30905

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jul 7, 2008
Vulnerability Reserved
Jul 7, 2008

Typo3

What is CVE-2008-3029?

References

Timeline