Description

Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the RemoveXSS function, and allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (2) the backend.

Remediation

References

CVE-2010-3715

Related Vulnerabilities

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3818)

MediaWiki Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2014-2243)

Zikula Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-3979)

axios Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-1214)

PHP Out-of-bounds Read Vulnerability (CVE-2019-11035)

Severity

Medium

Classification

CVE-2010-3715 CWE-707

Tags

Missing Update Known Vulnerabilities