CVE-2008-4903

Publication date 4 November 2008

Last updated 24 July 2024


Ubuntu priority

Cross-site scripting (XSS) vulnerability in the leave comment (feedback) feature in Typo 5.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) comment[author] (Name) and (2) comment[url] (Website) parameters.

Read the notes from the security team

Status

No maintained releases are affected by this CVE.

Package Ubuntu Release Status
typo3-src 9.10 karmic
Not affected
9.04 jaunty
Not affected
8.10 intrepid
Not affected
8.04 LTS hardy
Not affected
7.10 gutsy Ignored end of life, was needed
6.06 LTS dapper Ignored end of life

Notes


mdeslaur

This isn’t typo3, it’s something we don’t have