Description

Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and 4.4.x before 4.4.1 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified parameters to the extension manager, or unspecified parameters to unknown backend forms.

Remediation

References

CVE-2010-3659

Related Vulnerabilities

WordPress Plugin Product Catalog Cross-Site Scripting (4.2.8)

Joomla! Core 3.x.x Directory Traversal (3.0.0 - 3.9.24)

Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-3463)

WordPress Plugin Download Plugin Security Bypass (1.6.0)

PHP Use of Uninitialized Resource Vulnerability (CVE-2015-3414)

Severity

Medium

Classification

CVE-2010-3659 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities