Description

Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the "JSwindow" property of the typolink function.

Remediation

References

CVE-2011-4626

Related Vulnerabilities

Oracle JRE CVE-2013-5812 Vulnerability (CVE-2013-5812)

WordPress Plugin Comments-wpDiscuz Arbitrary File Upload (7.0.4)

WordPress Plugin Wordpress Membership SwiftCloud.io SQL Injection (1.0)

WordPress Plugin Subscribe to Comments Multiple Cross-Site Scripting Vulnerabilities (2.0.4)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-0211)

Severity

Medium

Classification

CVE-2011-4626 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities