Description

Cross-site scripting (XSS) vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

CVE-2012-6145

Related Vulnerabilities

WebLogic Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-29577)

WordPress Plugin BulletProof Security Cross-Site Scripting (.47)

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2006-3011)

WordPress Plugin WP Symposium 'get_profile_avatar.php' SQL Injection (0.64)

Apache Tomcat Credentials Management Errors Vulnerability (CVE-2009-3548)

Severity

Low

Classification

CVE-2012-6145 CWE-707

Tags

Missing Update Known Vulnerabilities