TYPO3 Third-Party Components Multiple Vulnerabilities


Description   (#Several vulnerabilities were reported in third-party components of TYPO3:#- TC Directmail : unvalidated redirect. A remote attacker could exploit it by enticing his victim into following a specially crafted link in order to redirect to a malicious website. This vulnerability stems from a lack of validation of user-supplied input##- Member Infosheets: SQL injection. A remote attacker could exploit it by sending crafted requests that include SQL statements in order to modify or delete entries in some database tables##- Secure Download Form: cross-site scripting. A remote attacker could exploit it by enticing their victim into following a specially formed link in order to execute arbitrary JavaScript or HTML code##- Shibboleth Authentication: SQL injection. A remote attacker could exploit it by sending crafted requests that include SQL statements in order to modify or delete entries in some database tables##- Code Highlighter : insecure unserialize and SQL injection##- Store Locator : cross-site scripting. A remote attacker could exploit it by enticing their victim into following a specially formed link in order to execute arbitrary JavaScript or HTML code.)
     
Vulnerable Products   Vulnerable Software:
Typo3 (Typo3) -
     
Solution   - Store Locator : 3.3.7.
     
CVE  
     
References   - TYPO3-EXT-SA-2016-033 : Unvalidated Redirect in extension "TC Directmail" (tcdirectmail)
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2016-033/
- TYPO3-EXT-SA-2016-032 : SQL Injection in extension "Member Infosheets" (if_membersheet)
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2016-032/
- TYPO3-EXT-SA-2016-031 : Cross Site-Scripting in extension "Secure Download Form" (rs_securedownload)
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2016-031/
- TYPO3-EXT-SA-2016-030 : SQL Injection in extension "Shibboleth Authentication" (shibboleth_auth)
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2016-030/
- TYPO3-EXT-SA-2016-029 : Insecure Unserialize and SQL Injection in extension "Code Highlighter" (mh_code_highlighter)
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2016-029/
- TYPO3-EXT-SA-2016-028 : Cross-Site Scripting in extension "Store Locator" (locator)
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2016-028/
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'meta' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL
3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL
3.2.0
XSS - Phishing : suspicious 'div' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL
3.2.0
XSS - Prevention - GET : suspicious 'img' tag found in URL
3.2.0
XSS - Phishing : suspicious 'a' tag found in URL
3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL
3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL
3.2.0
XSS - Phishing : suspicious 'form' tag found in URL
3.2.0
XSS - Prevention - GET : javascript code found in URL
3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL
3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL
3.2.0
XSS - Phishing : suspicious 'link' tag found in URL
3.2.0
XSS - Prevention - GET : 'script' tag found in URL
3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL
3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL
3.2.0
Site with open redirect
4.0.0
     


 
 
 
 
 Risk level 
High 

 Vulnerability First Public Report Date 
2016-11-14 

 Target Type 
Server 

 Possible exploit 
Remote