CVE-2011-4903Cross-site Scripting in Typo3

CWE-79Cross-site Scripting4 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
0.3%
top 43.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Typo3Typo3 CMS
Timeline
PublishedNov 6
Latest updateApr 22

Description

Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

Packagisttypo3/cms4.4.04.4.9+2
NVDtypo3/typo34.3.04.3.12+2
CVEListV5typo3/typo3before 4.5.4

🔴Vulnerability Details

3
GHSA
Typo3 XSS in RemoveXSS function2022-04-22
OSV
Typo3 XSS in RemoveXSS function2022-04-22
CVEList
CVE-2011-4903: Cross-site Scripting (XSS) in TYPO3 before 42019-11-06
CVE-2011-4903 — Cross-site Scripting in Typo3 | cvebase