Description
Cross-site scripting (XSS) vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.
Remediation
References
Related Vulnerabilities
Apache HTTP Server Use of Incorrectly-Resolved Name or Reference Vulnerability (CVE-2019-0220)
XWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2022-36100)
WordPress Plugin FB Survey Pro 'id' Parameter SQL Injection (1.0)
WordPress Plugin Simple Link Directory Cross-Site Scripting (7.3.4)
WordPress Plugin GeSHi Source Colorer Cross-Site Scripting (0.13)