CVE-2011-4631

Published: 06 November 2019

Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the system extension recycler.

Priority

Medium

CVSS 3 base score: 5.4

Status

Package Release Status
typo3-src
Launchpad, Ubuntu, Debian
Upstream
Released (4.3.12,4.5.4)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(4.5.10+dfsg1-1)