Incomplete blacklist vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain HTML5 JavaScript events.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Typo3 | Typo3 | 4.5 (including) | 4.5 (including) |
Typo3 | Typo3 | 4.5.0 (including) | 4.5.0 (including) |
Typo3 | Typo3 | 4.5.1 (including) | 4.5.1 (including) |
Typo3 | Typo3 | 4.5.2 (including) | 4.5.2 (including) |
Typo3 | Typo3 | 4.5.3 (including) | 4.5.3 (including) |
Typo3 | Typo3 | 4.5.4 (including) | 4.5.4 (including) |
Typo3 | Typo3 | 4.5.5 (including) | 4.5.5 (including) |
Typo3 | Typo3 | 4.5.6 (including) | 4.5.6 (including) |
Typo3 | Typo3 | 4.5.7 (including) | 4.5.7 (including) |
Typo3 | Typo3 | 4.5.8 (including) | 4.5.8 (including) |
Typo3 | Typo3 | 4.5.9 (including) | 4.5.9 (including) |
Typo3 | Typo3 | 4.5.10 (including) | 4.5.10 (including) |
Typo3 | Typo3 | 4.5.11 (including) | 4.5.11 (including) |
Typo3 | Typo3 | 4.5.12 (including) | 4.5.12 (including) |
Typo3 | Typo3 | 4.5.13 (including) | 4.5.13 (including) |
Typo3 | Typo3 | 4.5.14 (including) | 4.5.14 (including) |
Typo3 | Typo3 | 4.5.15 (including) | 4.5.15 (including) |
Typo3 | Typo3 | 4.5.16 (including) | 4.5.16 (including) |
Typo3 | Typo3 | 4.5.17 (including) | 4.5.17 (including) |
Typo3 | Typo3 | 4.5.18 (including) | 4.5.18 (including) |
Typo3-src | Ubuntu | hardy | * |
Typo3-src | Ubuntu | lucid | * |
Typo3-src | Ubuntu | natty | * |
Typo3-src | Ubuntu | oneiric | * |
Typo3-src | Ubuntu | precise | * |
Typo3-src | Ubuntu | upstream | * |