Description

Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function.

Remediation

References

CVE-2011-4903

Related Vulnerabilities

MySQL CVE-2012-5096 Vulnerability (CVE-2012-5096)

Drupal Core 8.6.x Cross-Site Scripting (8.6.0 - 8.6.12)

WordPress Plugin Widget Logic Cross-Site Request Forgery (5.9.0)

Oracle Application Server CVE-2006-0283 Vulnerability (CVE-2006-0283)

MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-40603)

Severity

Medium

Classification

CVE-2011-4903 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities