VulDB: TYPO3 4.4.13/4.5.13/4.6.6 HTML Sanitizing t3lib_div::RemoveXSS() cross site scripting
General
scipID: 5013
Affected: TYPO3 4.4.13/4.5.13/4.6.6
Published: 03/28/2012
Risk: problematic
Entry: 78.8% complete
Created: 04/04/2012
Updated: 09/03/2012
Summary
A vulnerability classified as problematic has been found in TYPO3 4.4.13/4.5.13/4.6.6. It affects the function t3lib_div::RemoveXSS() of the component HTML Sanitizing. Manipulation with an unknown input leads to a cross site scripting vulnerability, which impacts confidentiality, integrity, and availability.
The weakness was presented 03/28/2012. The advisory is available for download at typo3.org. This vulnerability has been uniquely identified as CVE-2012-1608 since 03/12/2012. Exploitation is reported to be easy, and the attack can be initiated remotely. Technical details are known, but no exploit is available.
Upgrading to version 4.4.14, 4.5.14 or 4.6.7 eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability. The vulnerability is also documented in the databases at OSVDB (80762) and Secunia (SA48622).
CVSS
Base Score: 9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Network | Low | Single | Complete | Complete | Complete |
Exploiting
Class: Cross site scripting
Local: No
Remote: Yes
Availability: No
Countermeasures
Recommended: Upgrade
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known
Upgrade: TYPO3 4.4.14, 4.5.14, 4.6.7
Timeline
03/12/2012 | CVE assigned
03/28/2012 | Advisory disclosed
03/28/2012 | Countermeasure disclosed
03/30/2012 | OSVDB entry created
04/04/2012 | VulDB entry created
09/03/2012 | VulDB entry updated
Sources
Advisory: typo3.org
OSVDB: 80762
CVE: CVE-2012-1608 (mitre.org) (nist.org) (cvedetails.com)
Secunia: 48622