5.4

CVSS Score

3.0

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2010-3659

CVE-2010-3659: TYPO3 Cross-site Scripting vulnerability in the extension manager and backend forms

Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and 4.4.x before 4.4.1 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified parameters to the extension manager, or unspecified parameters to unknown backend forms.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2010-3659

CVE-2010-3659:

5.4

CVSS Score

3.0

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
typo3/cms-backend	composer	>= 4.1.0, < 4.1.14	4.1.14
typo3/cms-backend	composer	>= 4.2.0, < 4.2.13	4.2.13
typo3/cms-backend	composer	>= 4.3.0, < 4.3.4	4.3.4
typo3/cms-backend	composer	>= 4.4.0, < 4.4.1	4.4.1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability description explicitly mentions XSS in both the extension manager and backend forms. While no exact functions are disclosed, TYPO3's architecture suggests:

ExtensionManagerController would handle extension management parameters
FormEngine is core to backend form rendering Both components would process user input that needs sanitization. The medium confidence reflects educated guessing based on component responsibilities, as no patch details or code examples are available to confirm exact vulnerable functions.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

5.4

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2010-3659: TYPO3 Cross-site Scripting vulnerability in the extension manager and backend forms

CVE-2010-3659:

5.4

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

5.4

5.4

CVE-2010-3659: TYPO3 Cross-site Scripting vulnerability in the extension manager and backend forms

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI