Description

Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function.

Remediation

References

CVE-2011-4903

Related Vulnerabilities

MySQL CVE-2018-3062 Vulnerability (CVE-2018-3062)

Piwigo Improper Access Control Vulnerability (CVE-2016-10084)

MySQL CVE-2022-21290 Vulnerability (CVE-2022-21290)

Missing Authentication Check in SAP Solution Manager

WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.14)

Severity

Medium

Classification

CVE-2011-4903 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities