Description

Cross-site scripting (XSS) vulnerability in the tree render API (TCA-Tree) in the Backend API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

CVE-2012-6147

Related Vulnerabilities

Apache Tomcat version older than 5.5.26

MediaWiki Improper Input Validation Vulnerability (CVE-2014-1610)

WordPress Plugin Anti-Splog Cross-Site Scripting (2.1.7)

Dolibarr Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2023-30253)

WordPress Plugin Multiple Domain Cross-Site Scripting (1.0.2)

Severity

Low

Classification

CVE-2012-6147 CWE-707

Tags

Missing Update Known Vulnerabilities