Description
Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2019-2956 Vulnerability (CVE-2019-2956)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3542)
WordPress Plugin Team Members Cross-Site Scripting (5.0.3)
MySQL Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2009-4030)