Medium severity5.4NVD Advisory· Published Oct 20, 2017· Updated May 13, 2026
CVE-2010-3659
CVE-2010-3659
Description
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and 4.4.x before 4.4.1 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified parameters to the extension manager, or unspecified parameters to unknown backend forms.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
typo3/cms-backendPackagist | >= 4.1.0, < 4.1.14 | 4.1.14 |
typo3/cms-backendPackagist | >= 4.2.0, < 4.2.13 | 4.2.13 |
typo3/cms-backendPackagist | >= 4.3.0, < 4.3.4 | 4.3.4 |
typo3/cms-backendPackagist | >= 4.4.0, < 4.4.1 | 4.4.1 |
Affected products
32cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*+ 31 more
- cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.4.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- www.securityfocus.com/bid/42029nvdThird Party AdvisoryVDB Entry
- github.com/advisories/GHSA-jr79-65xr-q7cxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2010-3659ghsaADVISORY
- security-tracker.debian.org/tracker/CVE-2010-3659/nvdThird Party Advisory
- typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-012/nvdVendor Advisory
- www.openwall.com/lists/oss-security/2010/09/28/8nvdMailing ListWEB
- www.openwall.com/lists/oss-security/2014/02/12/8nvdMailing ListWEB
- security-tracker.debian.org/tracker/CVE-2010-3659ghsaWEB
- typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-012ghsaWEB
- web.archive.org/web/20120903133822/http://www.securityfocus.com/bid/42029ghsaWEB
News mentions
0No linked articles in our index yet.