Description
Incomplete blacklist vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain HTML5 JavaScript events.
Remediation
References
Related Vulnerabilities
WordPress Plugin Duplicator-WordPress Migration Cross-Site Scripting (1.2.28)
Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-2922)
Apache HTTP Server Uncontrolled Resource Consumption Vulnerability (CVE-2009-1890)
WordPress Plugin User Meta Manager Information Disclosure (3.4.7)