TYPO3 Modern FAQ Extension Open-Redirection and Cross Site Scripting Vulnerabilities
BID:51845
Info
TYPO3 Modern FAQ Extension Open-Redirection and Cross Site Scripting Vulnerabilities
| Bugtraq ID: | 51845 |
| Class: | Input Validation Error |
| CVE: |
CVE-2011-5079 CVE-2012-1070 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 02 2012 12:00AM |
| Updated: | Feb 16 2012 05:50PM |
| Credit: | Marcus Krause |
| Vulnerable: |
Typo3 Modern FAQ 1.1.2 |
| Not Vulnerable: |
Typo3 Modern FAQ 1.1.4 |
Discussion
TYPO3 Modern FAQ Extension Open-Redirection and Cross Site Scripting Vulnerabilities
TYPO3 Modern FAQ is prone to unspecified open-redirection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.
Attackers can exploit these issues to execute arbitrary script or HTML code, steal cookie-based authentication credentials, and conduct phishing attacks. Other attacks may also be possible.
TYPO3 Modern FAQ 1.1.2 and prior are vulnerable.
TYPO3 Modern FAQ is prone to unspecified open-redirection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.
Attackers can exploit these issues to execute arbitrary script or HTML code, steal cookie-based authentication credentials, and conduct phishing attacks. Other attacks may also be possible.
TYPO3 Modern FAQ 1.1.2 and prior are vulnerable.
Exploit / POC
TYPO3 Modern FAQ Extension Open-Redirection and Cross Site Scripting Vulnerabilities
An attacker can exploit these issues by enticing an unsuspecting victim into following a malicious URI.
An attacker can exploit these issues by enticing an unsuspecting victim into following a malicious URI.
Solution / Fix
TYPO3 Modern FAQ Extension Open-Redirection and Cross Site Scripting Vulnerabilities
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
TYPO3 Modern FAQ Extension Open-Redirection and Cross Site Scripting Vulnerabilities
References:
References: