Description

Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the "JSwindow" property of the typolink function.

Remediation

References

CVE-2011-4626

Related Vulnerabilities

Jenkins 7PK - Security Features Vulnerability (CVE-2014-9634)

MySQL CVE-2016-3615 Vulnerability (CVE-2016-3615)

MySQL CVE-2020-2760 Vulnerability (CVE-2020-2760)

WordPress Plugin WP Download Codes Cross-Site Scripting (2.5.1)

WordPress Plugin Polldaddy Polls & Ratings Unspecified Vulnerability (2.0.25)

Severity

Medium

Classification

CVE-2011-4626 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Tags

Missing Update Known Vulnerabilities