Description
svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname.
Remediation
References
Related Vulnerabilities
WordPress Plugin Facebook Members Cross-Site Request Forgery (5.0.4)
MySQL CVE-2022-21285 Vulnerability (CVE-2022-21285)
Apache HTTP Server Insertion of Sensitive Information into Log File Vulnerability (CVE-2001-1556)
Magento Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-8093)
Undertow Improper Input Validation Vulnerability (CVE-2020-1757)