{"id":"GHSA-w3v6-r62r-fvqh","summary":"TYPO3 API XSS Vulnerabilities","details":"The `t3lib_div::RemoveXSS` API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non-printable characters.","aliases":["CVE-2012-1608"],"modified":"2023-11-01T05:30:31.418080Z","published":"2022-05-17T05:23:54Z","database_specific":{"github_reviewed_at":"2023-08-29T23:29:28Z","github_reviewed":true,"nvd_published_at":"2012-09-04T20:55:00Z","cwe_ids":["CWE-20"],"severity":"MODERATE"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1608"},{"type":"WEB","url":"https://web.archive.org/web/20120527123559/http://www.securityfocus.com/bid/52771"},{"type":"WEB","url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001"},{"type":"WEB","url":"http://www.debian.org/security/2012/dsa-2445"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2012/03/30/4"}],"affected":[{"package":{"name":"typo3/cms","ecosystem":"Packagist","purl":"pkg:composer/typo3/cms"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.4.0"},{"fixed":"4.4.14"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w3v6-r62r-fvqh/GHSA-w3v6-r62r-fvqh.json","last_known_affected_version_range":"\u003c= 4.4.13"}},{"package":{"name":"typo3/cms","ecosystem":"Packagist","purl":"pkg:composer/typo3/cms"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.5.0"},{"fixed":"4.5.14"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w3v6-r62r-fvqh/GHSA-w3v6-r62r-fvqh.json","last_known_affected_version_range":"\u003c= 4.5.13"}},{"package":{"name":"typo3/cms","ecosystem":"Packagist","purl":"pkg:composer/typo3/cms"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.6.0"},{"fixed":"4.6.7"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w3v6-r62r-fvqh/GHSA-w3v6-r62r-fvqh.json","last_known_affected_version_range":"\u003c= 4.6.6"}}],"schema_version":"1.7.3"}