CVE-2017-5963
Affected software: caddy (TYPO3) before 7.2.10. The vulnerability arises from insufficient filtering of user-supplied data in the paymillToken POST parameter passed to caddy/Resources/Public/JavaScript/e-payment/paymill/api/php/payment.php, enabling stored/reflected XSS in the browser context...