Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-0816)

Description

Multiple cross-site scripting (XSS) vulnerabilities in the backend user interface in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields.

Remediation

References

Related Vulnerabilities

Atlassian Jira Improper Authentication Vulnerability (CVE-2021-43950)

SharePoint Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-1102)

WordPress Plugin MobiLoud-WordPress Mobile Apps-Convert your WordPress Website to Native Mobile Apps Remote Code Execution (4.0.1)

Drupal Core 8.x.x Remote Code Execution (8.0.0 - 8.3.8)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-27898)

Severity

Medium

Classification

CVE-2009-0816 CWE-707

Tags

Missing Update Known Vulnerabilities