Description
The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non printable characters.
Remediation
References
Related Vulnerabilities
MySQL CVE-2013-3795 Vulnerability (CVE-2013-3795)
Payara URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-41699)
WordPress Plugin Open Graph for Facebook, Google+ and Twitter Card Tags Cross-Site Scripting (2.2.4)
Envoy Proxy Uncontrolled Resource Consumption Vulnerability (CVE-2020-12603)