Description

Multiple cross-site scripting (XSS) vulnerabilities in unspecified frontend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors.

Remediation

References

CVE-2015-8758

Related Vulnerabilities

TinyMCE Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-21910)

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Open Redirect (4.4.1)

WordPress Plugin Contact Form 7-PayPal Add-on Cross-Site Request Forgery (1.3.4)

WordPress Plugin Quiz Maker Multiple SQL Injection Vulnerabilities (6.2.0.8)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Cross-Site Scripting (2.1.19)

Severity

Medium

Classification

CVE-2015-8758 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities