CVE-2011-4626: XSS
First published: Wed Nov 06 2019(Updated: )
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the "JSwindow" property of the typolink function.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Typo3 Typo3 | >=4.5.0<4.5.4 | |
| Typo3 Typo3 | >=4.3.0<4.3.12 | |
| Typo3 Typo3 | >=4.4.0<4.4.9 | |
| debian/typo3-src |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2011-4626?
CVE-2011-4626 is a vulnerability in TYPO3 that allows remote attackers to inject arbitrary web script or HTML via the "JSwindow" property of the typolink function.
How severe is CVE-2011-4626?
CVE-2011-4626 has a severity value of 6.1, which is considered medium.
What is the affected software for CVE-2011-4626?
The affected software for CVE-2011-4626 is TYPO3 versions before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4.
How can I exploit CVE-2011-4626?
To exploit CVE-2011-4626, an attacker would need to inject arbitrary web script or HTML via the "JSwindow" property of the typolink function.
How can I fix CVE-2011-4626?
To fix CVE-2011-4626, upgrade to TYPO3 version 4.3.12, 4.4.9, or 4.5.4, or apply the provided patches or remedies.
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- vendor/typo3
- canonical/typo3 typo3
- version/typo3 typo3/4.5.0
- version/typo3 typo3/4.3.0
- version/typo3 typo3/4.4.0
- package-manager/debian