Description
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message.
Remediation
References
Related Vulnerabilities
WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.1)
Oracle JRE CVE-2023-21937 Vulnerability (CVE-2023-21937)
Apache Tomcat Incorrect Default Permissions Vulnerability (CVE-2020-8022)
WordPress 4.1.x Prototype Pollution (4.1 - 4.1.34)
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-37914)