Multiple cross-site scripting (XSS) vulnerabilities in Content Editing
Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before
6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow
remote authenticated users to inject arbitrary web script or HTML via
unspecified parameters.