CVE-2009-3630 – typo3/cms-backend

Package

Manager: composer
Name: typo3/cms-backend
Vulnerable Version: >=0 <=4.0.13 || >=4.1.0 <4.1.13 || >=4.2.0 <4.2.10 || >=4.3alpha1 <4.3beta2

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:H/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00949 pctl0.75448

Details

TYPO3 Backend vulnerable to Frame Hijacking The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to place arbitrary web sites in TYPO3 backend framesets via crafted parameters, related to a "frame hijacking" issue.

Metadata

Created: 2022-05-02T03:46:56Z
Modified: 2024-02-08T21:41:03Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mg66-3x8x-r8g2/GHSA-mg66-3x8x-r8g2.json
CWE IDs: []
Alternative ID: GHSA-mg66-3x8x-r8g2
Finding: F360
Auto approve: 1