CVE-2010-3672
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/typo3/cms-fluid
Identifiers
GHSA-p78x-93mq-qwqh, CVE-2010-3672
Package Slug
packagist/typo3/cms-fluid
Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea view helper in an extbase extension.
Affected Versions
All versions before 4.3.4, all versions starting from 4.4.0 before 4.4.1
Solution
Upgrade to versions 4.3.4, 4.4.1 or above.
Last Modified
2024-02-07
| source |