Description

Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the RemoveXSS function, and allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (2) the backend.

Remediation

References

CVE-2010-3715

Related Vulnerabilities

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6024)

WordPress Plugin dwnldr Cross-Site Scripting (1.0)

WordPress Plugin Font Awesome Information Disclosure (4.0.0-rc16)

Oracle JRE CVE-2013-1564 Vulnerability (CVE-2013-1564)

WordPress Plugin Advanced Classifieds & Directory Pro Cross-Site Scripting (1.7.5)

Severity

Medium

Classification

CVE-2010-3715 CWE-707

Tags

Missing Update Known Vulnerabilities