CVE-2011-4630Cross-site Scripting in Typo3

CWE-79Cross-site Scripting4 documents4 sources
Severity
5.4MEDIUMNVD
EPSS
0.2%
top 58.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Typo3Typo3 CMS
Timeline
PublishedNov 6
Latest updateApr 22

Description

Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the browse_links wizard.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

Packagisttypo3/cms4.5.04.5.4+2
NVDtypo3/typo34.3.04.3.12+2
CVEListV5typo3/typo3before 4.5.4

🔴Vulnerability Details

3
GHSA
Typo3 XSS Vulnerability2022-04-22
OSV
Typo3 XSS Vulnerability2022-04-22
CVEList
CVE-2011-4630: Cross-site Scripting (XSS) in TYPO3 before 42019-11-06
CVE-2011-4630 — Cross-site Scripting in Typo3 | cvebase