VYPR
← All advisories
Low severityNVD Advisory· Published May 21, 2012· Updated Apr 29, 2026

CVE-2010-5097

CVE-2010-5097

Description

Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
typo3/cms-frontendPackagist
>= 4.3.0, < 4.3.94.3.9
typo3/cms-frontendPackagist
>= 4.4.0, < 4.4.54.4.5

Affected products

15
  • TYPO3/Typo314 versions
    cpe:2.3:a:typo3:typo3:4.3.0:*:*:*:*:*:*:*+ 13 more
    • cpe:2.3:a:typo3:typo3:4.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.3.6:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.3.7:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.3.8:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.4:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.4.4:*:*:*:*:*:*:*
  • ghsa-coords
    pkg:composer/typo3/cms-frontend
    Range: >= 4.3.0, < 4.3.9

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

14

News mentions

0

No linked articles in our index yet.