CVE-2013-7074

Name of the Vulnerable Software and Affected Versions TYPO3 versions 4.5.x through 4.5.31 TYPO3 versions 4.7.x through 4.7.16 TYPO3 versions 6.0.x through 6.0.11 TYPO3 versions 6.1.x through 6.1.6 TYPO3 development versions of 6.2

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards. These vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.

Recommendations For TYPO3 versions 4.5.x through 4.5.31, update to version 4.5.32 or later. For TYPO3 versions 4.7.x through 4.7.16, update to version 4.7.17 or later. For TYPO3 versions 6.0.x through 6.0.11, update to version 6.0.12 or later. For TYPO3 versions 6.1.x through 6.1.6, update to version 6.1.7 or later. For TYPO3 development versions of 6.2, consider avoiding the use of Content Editing Wizards until a fixed version is available.