Description

Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function.

Remediation

References

CVE-2011-4903

Related Vulnerabilities

PHP Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2022-31628)

MySQL CVE-2018-3070 Vulnerability (CVE-2018-3070)

MediaWiki CVE-2012-4885 Vulnerability (CVE-2012-4885)

Apache HTTP Server Out-of-bounds Read Vulnerability (CVE-2007-3847)

WordPress Plugin Events Manager Cross-Site Scripting (5.8.1.1)

Severity

Medium

Classification

CVE-2011-4903 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities