CVE-2012-1608 — Improper Input Validation in CMS
Severity
5.0MEDIUMNVD
EPSS
0.7%
top 28.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedSep 4
Latest updateMay 17
Description
The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non printable characters.
CVSS vector
AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9