Description

Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and 4.4.x before 4.4.1 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified parameters to the extension manager, or unspecified parameters to unknown backend forms.

Remediation

References

CVE-2010-3659

Related Vulnerabilities

WordPress plugin Custom Contact Forms critical vulnerability

Joomla! Core Information Disclosure (1.5.0 - 3.8.1)

Joomla! Core Cross-Site Scripting (1.5.0 - 3.8.3)

WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler Multiple Vulnerabilities (6.9.9)

Jboss EAP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-3171)

Severity

Medium

Classification

CVE-2010-3659 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities