8 matches found

OSV
added 2022/05/17 5:23 a.m., 17 views

GHSA-W3V6-R62R-FVQH Typo3 API XSS Vulnerabilities

The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non-printable characters...

CVSS 5, AI score 5.3, EPSS 0.00678
Exploits 0, References 5
OSV
added 2022/05/17 1:43 a.m., 22 views

GHSA-94C2-G68F-9R98 Typo3 API XSS Vulnerability

Incomplete blacklist vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain HTML5 JavaScript events...

CVSS 4.3, AI score 5.3, EPSS 0.00573
Exploits 1, References 5
Github Security Blog
added 2022/05/17 1:43 a.m., 22 views

Typo3 API XSS Vulnerability

Incomplete blacklist vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain HTML5 JavaScript events...

CVSS 4.3, AI score 6.1, EPSS 0.00573
Exploits 1, References 6, Affected Software 1
OSV
added 2022/05/02 3:47 a.m., 20 views

GHSA-M7RG-85G8-28M9 TYPO3 API function vulnerable to Cross-site Scripting

Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing...

CVSS 4.3, AI score 5.3, EPSS 0.00382
Exploits 0, References 10
seebug.org
added 2012/09/09 12:0 a.m., 35 views

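TYPO3 Incomplete Blacklist Cross-Site Scripting Vulnerability (CVE-2012-3530)

CVE ID: CVE-2012-3530. TYPO3 is a free, open-source content management system. The TYPO3 t3lib_div::quoteJSvalue API function contains an incomplete blacklist vulnerability that allows remote attackers to inject arbitrary web script or HTML via certain HTML5 JavaScript events, which can be used to obtain sensitive information or hijack user sessions. TYPO3 4.5.x, TYPO3 4.6.x, TYPO3 4.7.x. Vendor solution: users can refer to the following vendor security advisory for patch information:...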

CVSS 4.3, AI score 6.5, EPSS 0.00573
Exploits 1
Prion
added 2012/09/04 8:55 p.m., 17 views

Cross site scripting

The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non-printable characters...

CVSS 5, AI score 6, EPSS 0.00678
Exploits 0, References 6, Affected Software 1
CVE
added 2012/09/04 8:0 p.m., 63 views

CVE-2012-1608

TYPO3 CVE-2012-1608 affects the t3lib_div::RemoveXSS API. Vulnerable in TYPO3 versions 4.4.0–4.4.13, 4.5.0–4.5.13, 4.6.0–4.6.6, 4.7, and 6.0. The issue allows remote attackers to bypass the XSS protection and inject arbitrary web script or HTML via non-printable characters. Connected documents co...

CVSS 5, AI score 5.5, EPSS 0.00678
Exploits 0, References 6, Affected Software 1
Tenable Nessus
added 2012/04/02 12:0 a.m., 27 views

Debian DSA-2445-1 : typo3-src - several vulnerabilities

Several remote vulnerabilities have been discovered in the TYPO3 web content management framework: CVE-2012-1606: Failing to properly HTML-encode user input in several places, the TYPO3 backend is susceptible to Cross-Site Scripting. A valid backend user is required to exploit these...

CVSS 5, AI score 5.5, EPSS 0.00701
Exploits 0, References 8