Cross-Site Scripting (XSS)

teaminmedias-pluswerk/ke_search (aka) Faceted Search extension of Typo3 is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary Javascript into a victim’s browser via parameters such as content,abstract,message,tag, title in the backend module controller.