CVE-2009-3630

medium

Description

The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to place arbitrary web sites in TYPO3 backend framesets via crafted parameters, related to a "frame hijacking" issue.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/53920

http://www.vupen.com/english/advisories/2009/3009

http://www.securityfocus.com/bid/36801

http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/

http://secunia.com/advisories/37122

http://marc.info/?l=oss-security&m=125632856206736&w=2

Details

Source: Mitre, NVD

Published: 2009-11-02

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

Severity: Medium