CVE-2009-3630

TYPO3 <4.0.13, <4.1.13, <4.2.10, <4.3beta2 - Frame Hijacking

Title source: llm

Description

The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to place arbitrary web sites in TYPO3 backend framesets via crafted parameters, related to a "frame hijacking" issue.

References (6)

[Vendor Advisory] http://secunia.com/advisories/37122

[Vendor Advisory] http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/

[Patch] http://www.securityfocus.com/bid/36801

[Patch, Vendor Advisory] http://www.vupen.com/english/advisories/2009/3009

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/53920

[Mailing List] http://marc.info/?l=oss-security&m=125632856206736&w=2

Scores

EPSS 0.0095

EPSS Percentile 76.1%

Classification

Status draft

Affected Products (50)

typo3/typo3 < 4.0.12

typo3/typo3

typo3/typo3

typo3/typo3

typo3/typo3

typo3/typo3

typo3/typo3

typo3/typo3

typo3/typo3

typo3/typo3

typo3/typo3

typo3/typo3

typo3/typo3

typo3/typo3

typo3/typo3

... and 35 more

Timeline

Published Nov 02, 2009

Tracked Since Feb 18, 2026