GoogleOSV:GHSA-3MQF-FWC6-VWQWTYPO3 Cross-site scripting (XSS) vulnerability in the FORM content object
Cross-site scripting (XSS) vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
www.openwall.com/lists/oss-security/2011/01/13/2
www.openwall.com/lists/oss-security/2012/05/10/7
www.openwall.com/lists/oss-security/2012/05/11/3
www.openwall.com/lists/oss-security/2012/05/12/5
exchange.xforce.ibmcloud.com/vulnerabilities/64179
github.com/TYPO3-CMS/frontend
github.com/TYPO3/typo3/commit/3c5d15233ca765fabeac21f0600d831595d31cd8
github.com/TYPO3/typo3/commit/4e8bd7a15681c0683196984e871f60f0646ea2b6
github.com/TYPO3/typo3/commit/6d17fe7cef30b09a65e0c2d54f8871ec3ddfc67e
nvd.nist.gov/vuln/detail/CVE-2010-5098
web.archive.org/web/20101229020821/secunia.com/advisories/35770
web.archive.org/web/20111025222220/typo3.org/teams/security/security-bulletins/typo3-sa-2010-022
web.archive.org/web/20111223211753/www.securityfocus.com/bid/45470
Related
