Description

Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors.

Remediation

References

CVE-2015-8755

Related Vulnerabilities

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Unspecified Vulnerability (1.3.66)

Apache HTTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-2939)

Liferay Portal Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-25143)

Vanilla Forums Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-9889)

Oracle Database Server CVE-2008-0341 Vulnerability (CVE-2008-0341)

Severity

Medium

Classification

CVE-2015-8755 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities