CVE-2014-3949: XSS
First published: Wed Jun 04 2014(Updated: )
Cross-site scripting (XSS) vulnerability in the layout wizard in the Grid Elements (gridelements) extension before 1.5.1 and 2.0.x before 2.0.3 for TYPO3 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gridelements | <=1.5.0 | |
| Gridelements | =0.1.0 | |
| Gridelements | =0.2.0 | |
| Gridelements | =0.3.0 | |
| Gridelements | =0.5.0 | |
| Gridelements | =0.6.0 | |
| Gridelements | =1.0.0 | |
| Gridelements | =1.1.0 | |
| Gridelements | =1.2.0 | |
| Gridelements | =1.2.1 | |
| Gridelements | =1.2.2 | |
| Gridelements | =1.2.3 | |
| Gridelements | =1.3.0 | |
| Gridelements | =1.3.1 | |
| Gridelements | =1.3.2 | |
| Gridelements | =1.3.3 | |
| Gridelements | =1.3.4 | |
| Gridelements | =1.3.5 | |
| Gridelements | =1.3.6 | |
| Gridelements | =1.3.7 | |
| Gridelements | =1.3.8 | |
| Gridelements | =1.3.9 | |
| Gridelements | =1.3.10 | |
| Gridelements | =1.3.11 | |
| Gridelements | =1.3.12 | |
| Gridelements | =1.3.13 | |
| Gridelements | =1.4.0 | |
| Gridelements | =1.4.1 | |
| TYPO3 | ||
| Gridelements | =2.0.0 | |
| Gridelements | =2.0.1 | |
| Gridelements | =2.0.2 | |
| All of | ||
| Any of | ||
| Gridelements | <=1.5.0 | |
| Gridelements | =0.1.0 | |
| Gridelements | =0.2.0 | |
| Gridelements | =0.3.0 | |
| Gridelements | =0.5.0 | |
| Gridelements | =0.6.0 | |
| Gridelements | =1.0.0 | |
| Gridelements | =1.1.0 | |
| Gridelements | =1.2.0 | |
| Gridelements | =1.2.1 | |
| Gridelements | =1.2.2 | |
| Gridelements | =1.2.3 | |
| Gridelements | =1.3.0 | |
| Gridelements | =1.3.1 | |
| Gridelements | =1.3.2 | |
| Gridelements | =1.3.3 | |
| Gridelements | =1.3.4 | |
| Gridelements | =1.3.5 | |
| Gridelements | =1.3.6 | |
| Gridelements | =1.3.7 | |
| Gridelements | =1.3.8 | |
| Gridelements | =1.3.9 | |
| Gridelements | =1.3.10 | |
| Gridelements | =1.3.11 | |
| Gridelements | =1.3.12 | |
| Gridelements | =1.3.13 | |
| Gridelements | =1.4.0 | |
| Gridelements | =1.4.1 | |
| TYPO3 | ||
| All of | ||
| Any of | ||
| Gridelements | =2.0.0 | |
| Gridelements | =2.0.1 | |
| Gridelements | =2.0.2 | |
| TYPO3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-3949?
The CVE-2014-3949 vulnerability is classified as a cross-site scripting (XSS) vulnerability, which can allow remote authenticated users to inject malicious scripts.
How do I fix CVE-2014-3949?
To fix CVE-2014-3949, upgrade the Grid Elements (gridelements) extension to version 1.5.1 or later for the 1.x series, or to version 2.0.3 or later for the 2.x series.
Who is affected by CVE-2014-3949?
CVE-2014-3949 affects authenticated backend users of the Grid Elements extension for TYPO3 versions below 1.5.1 and 2.0.x versions prior to 2.0.3.
What types of attacks can exploit CVE-2014-3949?
CVE-2014-3949 can be exploited through various vectors that allow for the injection of arbitrary web scripts or HTML.
Is CVE-2014-3949 specific to certain versions of TYPO3?
CVE-2014-3949 specifically affects certain versions of the Grid Elements extension, but TYPO3 itself is not directly vulnerable if the extension is not used.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/weakness
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/jo hasenau
- canonical/gridelements
- version/gridelements/1.5.0
- version/gridelements/0.1.0
- version/gridelements/0.2.0
- version/gridelements/0.3.0
- version/gridelements/0.5.0
- version/gridelements/0.6.0
- version/gridelements/1.0.0
- version/gridelements/1.1.0
- version/gridelements/1.2.0
- version/gridelements/1.2.1
- version/gridelements/1.2.2
- version/gridelements/1.2.3
- version/gridelements/1.3.0
- version/gridelements/1.3.1
- version/gridelements/1.3.2
- version/gridelements/1.3.3
- version/gridelements/1.3.4
- version/gridelements/1.3.5
- version/gridelements/1.3.6
- version/gridelements/1.3.7
- version/gridelements/1.3.8
- version/gridelements/1.3.9
- version/gridelements/1.3.10
- version/gridelements/1.3.11
- version/gridelements/1.3.12
- version/gridelements/1.3.13
- version/gridelements/1.4.0
- version/gridelements/1.4.1
- vendor/typo3
- canonical/typo3
- version/gridelements/2.0.0
- version/gridelements/2.0.1
- version/gridelements/2.0.2