Description
Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, as used in extensions such as (1) direct_mail_subscription, (2) feuser_admin, and (3) kb_md5fepw, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Remediation
References
Related Vulnerabilities
Jboss EAP Improper Input Validation Vulnerability (CVE-2018-1000873)
PHP NULL Pointer Dereference Vulnerability (CVE-2016-7131)
WordPress 'wp-db.php' Character Set SQL Injection Vulnerability (2.0 - 2.3.1)
Moodle Uncontrolled Recursion Vulnerability (CVE-2021-36395)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-14642)