Description

Incomplete blacklist vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain HTML5 JavaScript events.

Remediation

References

CVE-2012-3530

Related Vulnerabilities

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-3469)

WordPress Plugin WordPress Download Manager Cross-Site Request Forgery (3.2.12)

WordPress Plugin Sticky Related Posts Cross-Site Scripting (1.0)

jszip CVE-2021-23413 Vulnerability (CVE-2021-23413)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-28331)

Severity

Medium

Classification

CVE-2012-3530

Tags

Missing Update Known Vulnerabilities