34 matches found

Prion
added 2019/11/06 5:15 p.m. | 16 views

Cross site scripting

Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function...

4.3 CVSS | 6.2 AI score | 0.00834 EPSS
Exploits 0 | References 2 | Affected Software 1
CVE
added 2019/11/06 4:55 p.m. | 50 views

CVE-2011-4903

CVE-2011-4903: TYPO3 is vulnerable to a Cross-site Scripting (XSS) flaw in the RemoveXSS function affecting TYPO3 core releases prior to 4.3.12, 4.4.x prior to 4.4.9, and 4.5.x prior to 4.5.4. The issue allows remote attackers to inject arbitrary web script or HTML. No exploitation details are pr...

6.1 CVSS | 6 AI score | 0.00834 EPSS
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2019/11/06 4:55 p.m. | 22 views

CVE-2011-4903

Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function...

6.1 AI score | 0.00834 EPSS
Exploits 0 | References 2
NVD
added 2018/09/09 9:29 p.m. | 10 views

CVE-2018-16759

The removeXSS function in App/Common/common.php called from App/Modules/Index/Action/SearchAction.class.php in EasyCMS v1.4 allows XSS via an onhashchange event...

6.1 CVSS | 6 AI score | 0.00707 EPSS
Exploits 1 | References 1
CVE
added 2018/09/09 9:0 p.m. | 36 views

CVE-2018-16759

The CVE-2018-16759 entry concerns EasyCMS v1.4. The vulnerability is in the removeXSS function (App/Common/common.php), invoked by App/Modules/Index/Action/SearchAction.class.php, which allows cross-site scripting via an onhashchange event. The issue is concretely described across multiple source...

6.1 CVSS | 5.9 AI score | 0.00707 EPSS
Exploits 1 | References 1 | Affected Software 1
Typo3
added 2018/08/09 12:0 a.m. | 15 views

Cross-site scripting vulnerability in extension "Powermail" (powermail)

The extension uses \TYPO3\CMS\Core\Utility\GeneralUtility::removeXSS, which is known to be vulnerable to XSS...

6.9 AI score
Exploits 0 | Affected Software 1
seebug.org
added 2016/12/27 12:0 a.m. | 41 views

Mastery oa 2015 \inc\common.inc.php approve_finish function injection vulnerability

Recently made public measured when encountered on a system, The 2015 version of the latest update date: 2016-07-22 Injection the analysis \inc\common.inc.php ? php function SecureRequest&$var if isarray$var foreach $var as $k = $v $var$k = securerequest$v; else if 0 strlen$var &&...

6.9 AI score
Exploits 0
Prion
added 2012/09/04 8:55 p.m. | 18 views

Cross site scripting

The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non-printable characters...

5 CVSS | 6 AI score | 0.02301 EPSS
Exploits 0 | References 6 | Affected Software 1
OSV
added 2012/09/04 8:55 p.m. | 0 views

UBUNTU-CVE-2012-1608

The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non-printable characters...

5 CVSS | 5.8 AI score | 0.02301 EPSS
Exploits 0 | References 4
CVE
added 2012/09/04 8:0 p.m. | 66 views

CVE-2012-1608

TYPO3 CVE-2012-1608 affects the t3lib_div::RemoveXSS API. Vulnerable in TYPO3 versions 4.4.0–4.4.13, 4.5.0–4.5.13, 4.6.0–4.6.6, 4.7, and 6.0. The issue allows remote attackers to bypass the XSS protection and inject arbitrary web script or HTML via non-printable characters. Connected documents co...

5 CVSS | 5.5 AI score | 0.02301 EPSS
Exploits 0 | References 6 | Affected Software 1
Tenable Nessus
added 2012/08/31 12:0 a.m. | 37 views

Debian DSA-2537-1 : typo3-src - several vulnerabilities

Several vulnerabilities were discovered in TYPO3, a content management system. - CVE-2012-3527 An insecure call to unserialize in the help system enables arbitrary code execution by authenticated users. - CVE-2012-3528 The TYPO3 backend contains several cross-site scripting vulnerabilities. -...

4.6 CVSS | 5.9 AI score | 0.0212 EPSS
Exploits 1 | References 11
Tenable Nessus
added 2012/04/02 12:0 a.m. | 28 views

Debian DSA-2445-1 : typo3-src - several vulnerabilities

Several remote vulnerabilities have been discovered in the TYPO3 web content management framework: - CVE-2012-1606 Failing to properly HTML-encode user input in several places, the TYPO3 backend is susceptible to Cross-Site Scripting. A valid backend user is required to exploit these...

5 CVSS | 5.5 AI score | 0.03091 EPSS
Exploits 0 | References 8
UbuntuCve
added 2010/10/25 8:1 p.m. | 29 views

CVE-2010-3715

Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the RemoveXSS function, and allow remote authenticated users to inject arbitrary web...

4.3 CVSS | 5.9 AI score | 0.01077 EPSS
Exploits 0 | References 1
Cvelist
added 2010/10/25 7:0 p.m. | 35 views

CVE-2010-3715

Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the RemoveXSS function, and allow remote authenticated users to inject arbitrary web...

5.2 AI score | 0.01077 EPSS
Exploits 0 | References 3