Multiple Cross-Site Scripting Vulnerabilities in TYPO3 WEC Discussion Forum
CVE-2008-6144

Currently unrated

Key Information:

Vendor: Typo3
Status: Wec Discussion Forum
Vendor: CVE Published:; 16 February 2009

What is CVE-2008-6144?

The WEC Discussion Forum extension for TYPO3, specifically versions 1.7.0 and earlier, contains multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web scripts or HTML through unspecified vectors, posing significant security risks to affected systems. It is crucial for users of this extension to update to the latest version and apply security best practices to mitigate exposure to such threats.

References

http://secunia.com/advisories/33254

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2008/3502

vdb-entryx_refsource_VUPEN

http://typo3.org/teams/security/security-bulletins/typo3-...

x_refsource_CONFIRM

Timeline

Vulnerability published
Feb 16, 2009
Vulnerability Reserved
Feb 16, 2009

Typo3

What is CVE-2008-6144?

References

Timeline