CVE-2016-15032 LOW

CVE-2016-15032: mback2k mh_httpbl Extension class.tx_mhhttpbl.php stopOutput cross site scripting

Vendor Mback2K
Product mh_httpbl Extension
Weakness CWE-79 · XSS
Published June 1, 2023
Last update August 6, 2024
View on NVD All CVEs

CVSS base score

3.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in mback2k mh_httpbl Extension up to 1.1.7 on TYPO3. This affects the function stopOutput of the file class.tx_mhhttpbl.php. The manipulation of the argument $_SERVER['REMOTE_ADDR'] leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.1.8 is able to address this issue. The patch is named a754bf306a433a8c18b55e25595593e8f19b9463. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230391. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Key dates

02Disclosure timeline

June 1, 2023 CVE published
August 6, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2019-15280 Cisco Firepower Management Center Software Stored Cross-Site Scripting Vulnerability CVE-2024-3974 BuddyPress <= 12.4.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting CVE-2023-29515 Cross-site scripting (XSS) in xwiki-platform CVE-2024-29913 WordPress Tutor LMS Elementor Addons plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability CVE-2025-49243 WordPress ShiftNav – Responsive Mobile Menu plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability