| Name | CVE-2009-3630 |
| Description | The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to place arbitrary web sites in TYPO3 backend framesets via crafted parameters, related to a "frame hijacking" issue. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DSA-1926-1 |
| Debian Bugs | 552020 |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| typo3-src | source | etch | 4.0.2+debian-9 | DSA-1926-1 | ||
| typo3-src | source | lenny | 4.2.5-1+lenny2 | DSA-1926-1 | ||
| typo3-src | source | (unstable) | 4.2.10-1 | medium | 552020 |