Description

Cross-site scripting (XSS) vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

CVE-2010-5098

Related Vulnerabilities

Magento XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2022-34253)

WordPress Plugin Hunk External Links Cross-Site Scripting (3.0.5)

WordPress Plugin Ecwid Ecommerce Shopping Cart Cross-Site Request Forgery (6.10.23)

WordPress Plugin LazyEater Multiple Unspecified Vulnerabilities (1.2.4)

WordPress Plugin Multilanguage by BestWebSoft Cross-Site Scripting (1.2.1)

Severity

Low

Classification

CVE-2010-5098 CWE-707

Tags

Missing Update Known Vulnerabilities