Improper Neutralization of Special Elements in Output Used by a Downstream Component in TYPO3 - CVE-2010-3668
Published: November 5, 2019 / Updated: July 17, 2020
Vulnerability identifier: #VU30708
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2010-3668
CWE-ID: CWE-74
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: TYPO3
Affected software:
TYPO3
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to manipulate data.
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows header injection in the secure download feature jumpurl.
How to mitigate CVE-2010-3668
Install the update from the vendor's website.