Description

Incomplete blacklist vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain HTML5 JavaScript events.

Remediation

References

CVE-2012-3530

Related Vulnerabilities

Jboss EAP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-9514)

WordPress Plugin WooCommerce Privilege Escalation (3.5.0)

WordPress Plugin URL Cloak & Encrypt Cross-Site Scripting (2.0)

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Unspecified Vulnerability (1.2.100)

Apache Tomcat Other Vulnerability (CVE-2005-0808)

Severity

Medium

Classification

CVE-2012-3530

Tags

Missing Update Known Vulnerabilities