Description

Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

CVE-2010-5097

Related Vulnerabilities

WordPress Plugin Amazon Tools Cross-Site Scripting (1.7.2)

WordPress Plugin Google Analytics Dashboard Cross-Site Scripting (2.1.1)

WordPress Plugin Lazy SEO Arbitrary File Upload (1.3.2)

phpList Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-20036)

WordPress Plugin Google Map SQL Injection (2.2.5)

Severity

Low

Classification

CVE-2010-5097 CWE-707

Tags

Missing Update Known Vulnerabilities