Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function.
2019-11-06T17:15:11.330
2024-11-21T01:33:16.257
Modified
CVSSv3.1: 6.1 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:P/A:N
8.6
2.9
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | typo3 | typo3 | < 4.3.12 | Yes |
Application | typo3 | typo3 | < 4.4.9 | Yes |
Application | typo3 | typo3 | < 4.5.4 | Yes |