CVE-2010-3715
TYPO3 4.2.0-4.2.14, 4.3.0-4.3.6, 4.4.0-4.4.3 - Cross-Site Scripting via RemoveXSS Function and Backend
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the RemoveXSS function, and allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (2) the backend.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/43786
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2010/dsa-2121
Vendor Advisory x_refsource_confirm
http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/
Scores
EPSS
0.0030
EPSS Percentile
53.1%
Details
CWE
CWE-79
Status
published
Products (27)
typo3/cms-backend
4.2.0 - 4.2.15Packagist
typo3/typo3
4.2.0
typo3/typo3
4.2.1
typo3/typo3
4.2.2
typo3/typo3
4.2.3
typo3/typo3
4.2.4
typo3/typo3
4.2.5
typo3/typo3
4.2.6
typo3/typo3
4.2.7
typo3/typo3
4.2.8
... and 17 more
Published
Oct 25, 2010
Tracked Since
Feb 18, 2026