Description

Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function.

Remediation

References

CVE-2011-4903

Related Vulnerabilities

RubyGems Cryptographic Issues Vulnerability (CVE-2013-4363)

WordPress 3.1.2 Multiple Vulnerabilities (3.0.1 - 3.1.2)

OpenSSL Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-2650)

MySQL CVE-2020-2574 Vulnerability (CVE-2020-2574)

WordPress Plugin WordPress Landing Pages Multiple Vulnerabilities (1.8.4)

Severity

Medium

Classification

CVE-2011-4903 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities