Description

The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non printable characters.

Remediation

References

CVE-2012-1608

Related Vulnerabilities

WebLogic Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-2725)

Serendipity Other Vulnerability (CVE-2004-2525)

WordPress Plugin Search Everything SQL Injection (7.0.2)

Nginx Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2012-2089)

WordPress Plugin Contact Bank-Contact Form Builder for WordPress 'Label' Field Cross-Site Scripting (2.0.19)

Severity

Medium

Classification

CVE-2012-1608 CWE-20

Tags

Missing Update Known Vulnerabilities