Description

Cross-site scripting (XSS) vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

CVE-2012-6148

Related Vulnerabilities

WordPress Plugin Social Share Buttons-Social Pug Multiple Unspecified Vulnerabilities (1.3.1)

MySQL CVE-2015-2611 Vulnerability (CVE-2015-2611)

osTicket Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2010-4634)

Magento CVE-2019-8091 Vulnerability (CVE-2019-8091)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Cross-Site Scripting (1.2.995)

Severity

Low

Classification

CVE-2012-6148 CWE-707

Tags

Missing Update Known Vulnerabilities