Description

Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the admin panel.

Remediation

References

CVE-2011-4629

Related Vulnerabilities

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-43941)

Envoy Proxy Use After Free Vulnerability (CVE-2024-23322)

Oracle Database Server Other Vulnerability (CVE-2007-2130)

WordPress Plugin WP People 'wp-people-popup.php' SQL Injection (2.0)

WordPress Plugin Salon Booking System Arbitrary File Upload (10.2)

Severity

Medium

Classification

CVE-2011-4629 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities