Unrated severityNVD Advisory· Published Jun 16, 2008· Updated Jun 16, 2026
CVE-2008-2718
CVE-2008-2718
Description
Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, as used in extensions such as (1) direct_mail_subscription, (2) feuser_admin, and (3) kb_md5fepw, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
18cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*+ 17 more
- cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.2:*:*:*:*:*:*:*
- (no CPE)range: <4.0.9, <4.1.7, <4.2.1
Patches
Vulnerability mechanics
References
9- secunia.com/advisories/30619nvdVendor Advisory
- secunia.com/advisories/30660nvdVendor Advisory
- securityreason.com/securityalert/3945nvd
- typo3.org/teams/security/security-bulletins/typo3-20080611-1/nvd
- www.debian.org/security/2008/dsa-1596nvd
- www.securityfocus.com/archive/1/493270/100/0/threadednvd
- www.securityfocus.com/bid/29657nvd
- www.vupen.com/english/advisories/2008/1802nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/42986nvd
News mentions
0No linked articles in our index yet.