Cross site scripting

2008-11-0400:58:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.6%

JSON

Cross-site scripting (XSS) vulnerability in the leave comment (feedback) feature in Typo 5.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) comment[author] (Name) and (2) comment[url] (Website) parameters.

CPENameOperatorVersion
typoeq5.1
typoeq2.5.8
typoeq2.5.5
typoeq3.99.1
typoeq2.0.5
typoeq2.6.0
typole5.1.3
typoeq1.6
typoeq2.0.6
typoeq2.0.1

Name	Operator	Version
typo	eq	5.1
typo	eq	2.5.8
typo	eq	2.5.5
typo	eq	3.99.1
typo	eq	2.0.5
typo	eq	2.6.0
typo	le	5.1.3
typo	eq	1.6
typo	eq	2.0.6
typo	eq	2.0.1

Rows per page:

1-10 of 311

References

secunia.com/advisories/32272

securityreason.com/securityalert/4550

www.securityfocus.com/archive/1/497970

www.securityfocus.com/bid/31993

exchange.xforce.ibmcloud.com/vulnerabilities/46204