TYPO3 Core Multiple Cross Site Scripting Vulnerabilities

info
discussion
exploit
solution
references

TYPO3 Core Multiple Cross Site Scripting Vulnerabilities

TYPO3 is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.

Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials.

TYPO3 4.2.0 up to and including 4.2.2 are affected.