The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 up to and including 4.4.13, 4.5.0 up to and including 4.5.13, 4.6.0 up to and including 4.6.6, 4.7, and 6.0 allows remote malicious users to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non printable characters.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
typo3 typo3 4.4.0 |
||
typo3 typo3 4.4.1 |
||
typo3 typo3 4.4.2 |
||
typo3 typo3 4.4.3 |
||
typo3 typo3 4.5.2 |
||
typo3 typo3 4.5.3 |
||
typo3 typo3 4.5.4 |
||
typo3 typo3 4.5.5 |
||
typo3 typo3 4.5.6 |
||
typo3 typo3 4.6.5 |
||
typo3 typo3 4.6.6 |
||
typo3 typo3 4.7 |
||
typo3 typo3 6.0 |
||
typo3 typo3 4.4.5 |
||
typo3 typo3 4.4.7 |
||
typo3 typo3 4.4.12 |
||
typo3 typo3 4.5.0 |
||
typo3 typo3 4.5.7 |
||
typo3 typo3 4.5.9 |
||
typo3 typo3 4.6.2 |
||
typo3 typo3 4.6.4 |
||
typo3 typo3 4.4.8 |
||
typo3 typo3 4.4.9 |
||
typo3 typo3 4.4.10 |
||
typo3 typo3 4.4.11 |
||
typo3 typo3 4.5.11 |
||
typo3 typo3 4.5.12 |
||
typo3 typo3 4.5.13 |
||
typo3 typo3 4.6.0 |
||
typo3 typo3 4.4.4 |
||
typo3 typo3 4.4.6 |
||
typo3 typo3 4.4.13 |
||
typo3 typo3 4.5.1 |
||
typo3 typo3 4.5.8 |
||
typo3 typo3 4.5.10 |
||
typo3 typo3 4.6.1 |
||
typo3 typo3 4.6.3 |