Description

Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the admin panel.

Remediation

References

CVE-2011-4629

Related Vulnerabilities

Axway Secure Transport Improper Restriction of XML External Entity Reference Vulnerability (CVE-2019-14277)

PostgreSQL Other Vulnerability (CVE-2002-1398)

WordPress Plugin Mail On Update Cross-Site Request Forgery (5.1.0)

e107 Other Vulnerability (CVE-2006-2590)

Jenkins Improper Input Validation Vulnerability (CVE-2017-1000401)

Severity

Medium

Classification

CVE-2011-4629 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities