5.9 Medium
AI Score
Confidence
High
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
74.3%
Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php in the Indexed Search 2.9.0 extension for Typo3 before 4.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CPE | Name | Operator | Version |
---|---|---|---|
typo3:typo3 | typo3 | le | 4.0.1 |
typo3:typo3 | typo3 | eq | 4.0 |
marc.info/?l=full-disclosure&m=115918334930694&w=2
secunia.com/advisories/22071
securityreason.com/securityalert/1646
typo3.org/teams/security/security-bulletins/typo3-20060911-1/
www.securityfocus.com/archive/1/446885/100/0/threaded
www.securityfocus.com/bid/20173
www.vupen.com/english/advisories/2006/3782
exchange.xforce.ibmcloud.com/vulnerabilities/29128