GHSA-mg66-3x8x-r8g2
Suggest an improvement- Source
- https://github.com/advisories/GHSA-mg66-3x8x-r8g2
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mg66-3x8x-r8g2/GHSA-mg66-3x8x-r8g2.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-mg66-3x8x-r8g2
- Aliases
-
- CVE-2009-3630
- Published
- 2022-05-02T03:46:56Z
- Modified
- 2024-02-08T21:56:40.747621Z
- Summary
- TYPO3 Backend vulnerable to Frame Hijacking
- Details
-
The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to place arbitrary web sites in TYPO3 backend framesets via crafted parameters, related to a "frame hijacking" issue.
- Database specific
{ "nvd_published_at": "2009-11-02T15:30:00Z", "cwe_ids": [], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-02-08T21:41:03Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2009-3630
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53920
- https://github.com/TYPO3-CMS/backend
- https://web.archive.org/web/20101223093042/http://www.securityfocus.com/bid/36801
- http://marc.info/?l=oss-security&m=125632856206736&w=2
- http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016
Affected packages
Packagist / typo3/cms-backend
Package
- Name
- typo3/cms-backend
- Purl
- pkg:composer/typo3/cms-backend
Packagist / typo3/cms-backend
Package
- Name
- typo3/cms-backend
- Purl
- pkg:composer/typo3/cms-backend
Packagist / typo3/cms-backend
Package
- Name
- typo3/cms-backend
- Purl
- pkg:composer/typo3/cms-backend
Packagist / typo3/cms-backend
Package
- Name
- typo3/cms-backend
- Purl
- pkg:composer/typo3/cms-backend