Description
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the RemoveXSS function, and allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (2) the backend.
Remediation
References
Related Vulnerabilities
WordPress Plugin Child Theme Configurator Arbitrary File Disclosure (1.7.4)
Liferay Portal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-8980)
Joomla! Core 1.0.5 Security Bypass (1.0.5)
WordPress Plugin Pinpoint Booking System-#1 WordPress Booking SQL Injection (1.2)
WordPress Plugin Adavnced Video embed Local File Inclusion (1.0)