Description

Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the RemoveXSS function, and allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (2) the backend.

Remediation

References

CVE-2010-3715

Related Vulnerabilities

WordPress 5.8.x Multiple Vulnerabilities (5.8 - 5.8.5)

Apache Traffic Server CVE-2022-47184 Vulnerability (CVE-2022-47184)

phpList CVE-2017-20031 Vulnerability (CVE-2017-20031)

WordPress Plugin Really Simple Gallery Multiple Vulnerabilities (1.4)

Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-28977)

Severity

Medium

Classification

CVE-2010-3715 CWE-707

Tags

Missing Update Known Vulnerabilities