Cross-Site Scripting Vulnerability in TYPO3 Address Directory Extension
CVE-2008-3037

Currently unrated

Key Information:

Vendor: Typo3
Status: Address Directory
Vendor: CVE Published:; 7 July 2008

What is CVE-2008-3037?

The Address Directory extension for TYPO3, version 0.2.10 and earlier, is susceptible to a Cross-Site Scripting (XSS) vulnerability. This flaw allows remote attackers to inject arbitrary web scripts or HTML into pages that are presented to users. The attack can be executed through various unspecified vectors, potentially leading to session hijacking or unauthorized actions performed on behalf of the user.

References

http://typo3.org/teams/security/security-bulletins/typo3-...

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/43491

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/30048

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jul 7, 2008
Vulnerability Reserved
Jul 7, 2008

Typo3

What is CVE-2008-3037?

References

Timeline