Additional TCA Allows Cross-Site Scripting (XSS)

A cross-site scripting XSS vulnerability has been discovered in the Additional TCA extension. This vulnerabily is exploitable by a logged in backend user utilizing the TYPO3 backend user interface. This user can create output in the HTML context by exploiting improperly encoded user input. Update...

TYPO3-EXT-SA-2025-002: Cross-Site Scripting in extension “Additional TCA” (additional_tca)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2025-002...

CVE-2011-5080

Cross-site scripting XSS vulnerability in lib/class.txjftcaformstceFunc.php in the Additional TCA Forms jftcaforms extension before 0.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2011-5080

CVE-2011-5080 affects the TYPO3 extension jftcaforms (Additional TCA Forms) prior to version 0.2.1. The vulnerability exists in lib/class.tx_jftcaforms_tceFunc.php and allows remote attackers to inject arbitrary web script or HTML via unspecified vectors (XSS). Practical impact is to execute scri...