CVE-2014-3949
CVE-2014-3949 describes a cross-site scripting (XSS) vulnerability in the Grid Elements (gridelements) TYPO3 extension. The issue affects the layout wizard in versions before 1.5.1 and 2.0.x before 2.0.3, allowing a remote authenticated backend user to inject arbitrary script or HTML via unspecif...