Description

Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm.

Remediation

References

CVE-2009-3633

Related Vulnerabilities

ownCloud Improper Input Validation Vulnerability (CVE-2014-2585)

WordPress Plugin Mobile Domain Multiple Vulnerabilities (1.5.2)

WordPress Plugin Welcart e-Commerce PHP Object Injection (1.9.35)

Python Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-4650)

WordPress Plugin Display Posts Shortcode Unspecified Vulnerability (1.9)

Severity

Medium

Classification

CVE-2009-3633 CWE-352

Tags

Missing Update Known Vulnerabilities