Description

Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message.

Remediation

References

CVE-2011-4632

Related Vulnerabilities

Apache 2.x version older than 2.0.61

WordPress Plugin WP Visitor Statistics (Real Time Traffic) Unspecified Vulnerability (4.8)

Java Unspesificed Vulnerability (CVE-2019-2786)

Oracle HTTP Server CVE-2007-0280 Vulnerability (CVE-2007-0280)

Oracle Application Server CVE-2006-3711 Vulnerability (CVE-2006-3711)

Severity

Medium

Classification

CVE-2011-4632 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities