Description

Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary web script or HTML via unknown parameters.

Remediation

References

CVE-2014-3943

Related Vulnerabilities

WordPress Plugin WP Statistics Cross-Site Scripting (9.5.1)

WordPress Plugin Content Audit Blind SQL Injection (1.6)

Oracle Database Server CVE-2012-0528 Vulnerability (CVE-2012-0528)

Magento Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-7925)

Envoy Proxy Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2023-27493)

Severity

Low

Classification

CVE-2014-3943 CWE-707

Tags

Missing Update Known Vulnerabilities