Description

Multiple cross-site scripting (XSS) vulnerabilities in unspecified frontend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors.

Remediation

References

CVE-2015-8758

Related Vulnerabilities

WordPress Plugin NextGEN Gallery-WordPress Gallery 'Gallery Path' Field Cross-Site Scripting (1.9.5)

WordPress Plugin YITH WooCommerce Order Tracking Security Bypass (1.2.10)

WordPress Plugin YouTube Cross-Site Request Forgery (11.8.1)

WordPress Plugin Simple Download Button Shortcode 'file' Parameter Information Disclosure (1.0)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-16943)

Severity

Medium

Classification

CVE-2015-8758 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities