VYPR
Low severity · NVD Advisory · Published Dec 17, 2008 · Updated Apr 23, 2026

CVE-2008-5656

Description

Cross-site scripting (XSS) vulnerability in the frontend plugin for the felogin system extension in TYPO3 4.2.0, 4.2.1 and 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A cross-site scripting vulnerability in the TYPO3 felogin frontend plugin allows remote attackers to inject arbitrary web script or HTML.

Vulnerability

The vulnerability is a cross-site scripting (XSS) flaw in the frontend plugin for the felogin system extension within the TYPO3 content management framework. It affects TYPO3 versions 4.2.0, 4.2.1, and 4.2.2 [1][3]. The specific input parameter or vector is not publicly disclosed [2].

Exploitation

An attacker can trigger the vulnerability by sending a crafted request to the felogin frontend plugin, which fails to properly sanitize user-supplied input before rendering it in the browser. No authentication is required, and the attack can be performed remotely over HTTP. The exact sequence of steps is not documented in the available references [1][3][4].

Impact

Successful exploitation allows an attacker to inject and execute arbitrary web script or HTML in the context of the victim's browser session. This can lead to session hijacking, credential theft, or defacement, all within the trust relationship the user has with the TYPO3 site [1][3].

Mitigation

The vulnerability is fixed in TYPO3 version 4.2.3, released on December 18, 2008 [3][4]. TYPO3 administrators should upgrade all affected installations to at least version 4.2.3. No workaround is publicly documented [2].

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
typo3/cms-felogin (Packagist) | >= 4.2.0, < 4.2.3 | 4.2.3

Affected products

6
  • TYPO3/Typo3 (4 versions)
    • cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*
    • (no CPE) range: >=4.2.0, <=4.2.2
  • TYPO3/felogin (llm-create)
    Range: >=4.2.0, <=4.2.2
  • ghsa-coords
    Range: >= 4.2.0, < 4.2.3

Patches

0

No patches discovered yet.

References

7
