CVE-2014-7200

TYPO3 dmmjobcontrol <2.14.0 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via the tx_dmmjobcontrol_pi1[search][keyword] parameter to jobs/.

Exploits (1)

exploitdb WRITEUP

webappsphp

https://www.exploit-db.com/exploits/34800

View Code ZIP pw:eip

References (5)

[Exploit] http://packetstormsecurity.com/files/128446/Typo3-JobControl-2.14.0-Cross-Site-Scripting-SQL-Injection.html

[Exploit] http://seclists.org/fulldisclosure/2014/Sep/89

[Vendor Advisory] http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-012

[Exploit] https://www.mogwaisecurity.de/advisories/MSA-2014-02.txt

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/70155

Scores

EPSS 0.0803

EPSS Percentile 92.1%

Details

CWE

CWE-79

Status published

Products (1)

kevin_renskers/dmmjobcontrol < 2.14.0

Published Oct 10, 2014

Tracked Since Feb 18, 2026