QwikSec

Security Database

CVE

CWE

Training

CVE-2012-3530

Published: Sep 5, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Incomplete blacklist vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain HTML5 JavaScript events.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/

x_refsource_CONFIRM

typo3-html5-xss(77794)

vdb-entry

x_refsource_XF

vendor-advisory

x_refsource_DEBIAN

[oss-security] 20120822 Re: CVE request: Typo3

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_OSVDB

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.