Incomplete blacklist vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain HTML5 JavaScript events.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Typo3 | Typo3 | 4.5.3 | 4.5.3 |
Typo3 | Typo3 | 4.5.9 | 4.5.9 |
Typo3 | Typo3 | 4.5.12 | 4.5.12 |
Typo3 | Typo3 | 4.5.15 | 4.5.15 |
Typo3 | Typo3 | 4.5.5 | 4.5.5 |
Typo3 | Typo3 | 4.5.13 | 4.5.13 |
Typo3 | Typo3 | 4.5.17 | 4.5.17 |
Typo3 | Typo3 | 4.5.8 | 4.5.8 |
Typo3 | Typo3 | 4.5.14 | 4.5.14 |
Typo3 | Typo3 | 4.5.7 | 4.5.7 |
Typo3 | Typo3 | 4.5.6 | 4.5.6 |
Typo3 | Typo3 | 4.5.18 | 4.5.18 |
Typo3 | Typo3 | 4.5.0 | 4.5.0 |
Typo3 | Typo3 | 4.5 | 4.5 |
Typo3 | Typo3 | 4.5.11 | 4.5.11 |
Typo3 | Typo3 | 4.5.1 | 4.5.1 |
Typo3 | Typo3 | 4.5.16 | 4.5.16 |
Typo3 | Typo3 | 4.5.4 | 4.5.4 |
Typo3 | Typo3 | 4.5.2 | 4.5.2 |
Typo3 | Typo3 | 4.5.10 | 4.5.10 |