CVE-2012-1608

Published: Sep 4, 2012Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non printable characters.

Affected (37)

Products: Typo3: Typo3

Typo3

1 product

Typo3

Configuration A

37 vulnerable

Vulnerable Software	Affected Versions
Typo3 Typo3	Version 4.4.0
Typo3 Typo3	Version 4.4.10
Typo3 Typo3	Version 4.4.11
Typo3 Typo3	Version 4.4.12
Typo3 Typo3	Version 4.4.13
Typo3 Typo3	Version 4.4.1
Typo3 Typo3	Version 4.4.2
Typo3 Typo3	Version 4.4.3
Typo3 Typo3	Version 4.4.4
Typo3 Typo3	Version 4.4.5
Typo3 Typo3	Version 4.4.6
Typo3 Typo3	Version 4.4.7
Typo3 Typo3	Version 4.4.8
Typo3 Typo3	Version 4.4.9
Typo3 Typo3	Version 4.5.0
Typo3 Typo3	Version 4.5.10
Typo3 Typo3	Version 4.5.11
Typo3 Typo3	Version 4.5.12
Typo3 Typo3	Version 4.5.13
Typo3 Typo3	Version 4.5.1
Typo3 Typo3	Version 4.5.2
Typo3 Typo3	Version 4.5.3
Typo3 Typo3	Version 4.5.4
Typo3 Typo3	Version 4.5.5
Typo3 Typo3	Version 4.5.6
Typo3 Typo3	Version 4.5.7
Typo3 Typo3	Version 4.5.8
Typo3 Typo3	Version 4.5.9
Typo3 Typo3	Version 4.6.0
Typo3 Typo3	Version 4.6.1
Typo3 Typo3	Version 4.6.2
Typo3 Typo3	Version 4.6.3
Typo3 Typo3	Version 4.6.4
Typo3 Typo3	Version 4.6.5
Typo3 Typo3	Version 4.6.6
Typo3 Typo3	Version 4.7
Typo3 Typo3	Version 6.0