Description

Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the "JSwindow" property of the typolink function.

Remediation

References

CVE-2011-4626

Related Vulnerabilities

PostgreSQL CVE-2024-0985 Vulnerability (CVE-2024-0985)

TYPO3 Other Vulnerability (CVE-2007-1081)

SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17298)

XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2022-23616)

WordPress CVE-2016-5836 Vulnerability (CVE-2016-5836)

Severity

Medium

Classification

CVE-2011-4626 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities