Typo3 XSS in RemoveXSS function
Moderate severity
GitHub Reviewed
Published
Apr 22, 2022
to the GitHub Advisory Database
•
Updated Jan 12, 2024
Package
Affected versions
< 4.3.12
>= 4.4.0, < 4.4.9
>= 4.5.0, < 4.5.4
Patched versions
4.3.12
4.4.9
4.5.4
Description
Published by the National Vulnerability Database
Nov 6, 2019
Published to the GitHub Advisory Database
Apr 22, 2022
Reviewed
Jan 12, 2024
Last updated
Jan 12, 2024
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function.
References