WEB APPLICATION VULNERABILITIES Standard & Premium

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-7074)

Description

Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.

Remediation

References

Related Vulnerabilities

MySQL CVE-2015-4861 Vulnerability (CVE-2015-4861)

MySQL CVE-2015-4913 Vulnerability (CVE-2015-4913)

WordPress Plugin WP Mobile Detector Cross-Site Scripting (3.2)

WordPress Plugin Easy Social Feed-Social Photos Gallery-Post Feed-Like Box Security Bypass (6.3.3)

WordPress Plugin NEX-Forms-Ultimate Form builder SQL Injection (3.0)

Severity

Low

Classification

CVE-2013-7074 CWE-707

Tags

Missing Update Known Vulnerabilities