CVE-2012-3530

Published: 05 September 2012

Incomplete blacklist vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain HTML5 JavaScript events.

Priority

Medium

Status

Package Release Status
typo3-src
Launchpad, Ubuntu, Debian
Upstream
Released (4.5.19+dfsg1-1)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [4.5.19+dfsg1-1])