Description

The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non printable characters.

Remediation

References

CVE-2012-1608

Related Vulnerabilities

WordPress Plugin WP Project Manager-Task, team, and project management featuring kanban board and gantt charts Cross-Site Scripting (2.4.13)

PHP CVE-2008-2051 Vulnerability (CVE-2008-2051)

MySQL CVE-2018-3200 Vulnerability (CVE-2018-3200)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6106)

ZenCart Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2024-5762)

Severity

Medium

Classification

CVE-2012-1608 CWE-20

Tags

Missing Update Known Vulnerabilities