Description
The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non-printable characters.
Remediation
References