Description

Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and 4.4.x before 4.4.1 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified parameters to the extension manager, or unspecified parameters to unknown backend forms.

Remediation

References

CVE-2010-3659

Related Vulnerabilities

WordPress Plugin Mobile Events Manager CSV Injection (1.4.7)

WebLogic CVE-2017-3531 Vulnerability (CVE-2017-3531)

WordPress Plugin Commentator Cross-Site Scripting (2.5.2)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4553)

WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress Cross-Site Scripting (3.10.1)

Severity

Medium

Classification

CVE-2010-3659 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities