Description

Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors.

Remediation

References

CVE-2015-8755

Related Vulnerabilities

WordPress Plugin MAC PHOTO GALLERY 'albid' Parameter Arbitrary File Disclosure (2.8)

WordPress Plugin WP Post to PDF Enhanced Cross-Site Scripting (1.0.5)

WordPress Plugin User Role Editor Cross-Site Request Forgery (3.12)

Internet Information Services Other Vulnerability (CVE-2000-0024)

WordPress Plugin WP Fastest Cache Directory Traversal (0.8.9.5)

Severity

Medium

Classification

CVE-2015-8755 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities