Description
The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non printable characters.
Remediation
References
Related Vulnerabilities
Python Improper Input Validation Vulnerability (CVE-2020-8315)
Django Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-6188)
WordPress Plugin HTML5 jQuery Audio Player Multiple Cross-Site Scripting Vulnerabilities (2.3)
Varnish Cache Other Vulnerability (CVE-2013-4090)
WordPress Plugin Soundy Background Music Cross-Site Scripting (3.9)