Description
svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname.
Remediation
References
Related Vulnerabilities
WordPress Use of Insufficiently Random Values Vulnerability (CVE-2017-17091)
WordPress Plugin WP Social Feed Gallery Unspecified Vulnerability (2.1.1)
WordPress Plugin Facebook Members Cross-Site Request Forgery (5.0.4)
Magento Cryptographic Issues Vulnerability (CVE-2019-7886)
Apache Tomcat Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2007-4724)