Cross-Site Scripting Vulnerability in BE User Switch Extension for TYPO3
CVE-2012-1084

Currently unrated

Key Information:

Vendor: Typo3
Status: Beuserswitch
Vendor: CVE Published:; 14 February 2012

What is CVE-2012-1084?

The BE User Switch extension for TYPO3 contains a Cross-Site Scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web scripts or HTML. This security flaw can be exploited through unspecified vectors, potentially compromising users' sessions or leading to unauthorized actions on their behalf. Site administrators are advised to review their installations and apply updates or mitigations to protect against this vulnerability.

References

http://typo3.org/teams/security/security-bulletins/typo3-...

x_refsource_MISC

http://www.securityfocus.com/bid/51852

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/72974

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Feb 14, 2012
Vulnerability Reserved
Feb 14, 2012

Typo3

What is CVE-2012-1084?

References

Timeline