Description

Multiple cross-site scripting (XSS) vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

CVE-2012-1606

Related Vulnerabilities

MediaWiki CVE-2022-28209 Vulnerability (CVE-2022-28209)

Apache HTTP Server Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2023-25690)

WordPress Plugin Ultimate Addons for Elementor Multiple Cross-Site Scripting Vulnerabilities (1.29.2)

WordPress Plugin WP Data Access Security Bypass (5.1.3)

Dot CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-18875)

Severity

Low

Classification

CVE-2012-1606 CWE-707

Tags

Missing Update Known Vulnerabilities