CVE-2008-5644 — TYPO3 Cross-site Scripting vulnerability in the file backend module

Description

Cross-site scripting (XSS) vulnerability in the file backend module in TYPO3 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

How to fix CVE-2008-5644

To remediate CVE-2008-5644, upgrade the affected package to a fixed version below.

Packagist/typo3/cms-backend—upgrade to 4.2.3 or later

Is CVE-2008-5644 being exploited?

Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

>= 4.2.2, < 4.2.3

References (6)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2008-5644
PATCHgithub.com/TYPO3-CMS/backend
WEBexchange.xforce.ibmcloud.com/vulnerabilities/46585
WEBweb.archive.org/web/20111229084039/http://secunia.com/advisories/32689