Description
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the system extension recycler.
Remediation
References
Related Vulnerabilities
PrestaShop Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-21686)
Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2022-42127)
WordPress 3.7.x Cross-Site Request Forgery (3.7 - 3.7.28)
WordPress Plugin MP3-jPlayer Local File Disclosure (2.3)
Internet Information Services Other Vulnerability (CVE-2002-0869)