TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4626)

Description

Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the "JSwindow" property of the typolink function.

Remediation

References

CVE-2011-4626

Related Vulnerabilities

WordPress 'edit.php' Cross-Site Scripting Vulnerability (1.5)

Atlassian Jira Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-14193)

Magento 2.0-2.3 End of life

WordPress Plugin BP Profile Search PHP Object Injection (4.5.3)

MySQL Other Vulnerability (CVE-2009-4019)

Severity

Medium

Classification

CVE-2011-4626 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N