Description

Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the RemoveXSS function, and allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (2) the backend.

Remediation

References

CVE-2010-3715

Related Vulnerabilities

Zope Web Application Server Other Vulnerability (CVE-2006-4684)

ProjectSend Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9783)

Django Uncontrolled Resource Consumption Vulnerability (CVE-2019-14232)

WordPress Plugin Gallery-Video Gallery and Youtube Gallery Multiple Vulnerabilities (2.0.3)

WordPress Plugin WooCommerce Cart Expiration PHP Object Injection (0.1.0)

Severity

Medium

Classification

CVE-2010-3715 CWE-707

Tags

Missing Update Known Vulnerabilities