Description

Multiple cross-site scripting (XSS) vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

CVE-2012-1606

Related Vulnerabilities

PostgreSQL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2015-5289)

WordPress Plugin Job Manager Cross-Site Scripting (0.7.24)

WordPress 4.3.x Multiple Vulnerabilities (4.3 - 4.3.13)

WordPress Plugin Category List Portfolio Page TimThumb Arbitrary File Upload (1.2.3)

PrestaShop Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-19126)

Severity

Low

Classification

CVE-2012-1606 CWE-707

Tags

Missing Update Known Vulnerabilities