Christian Nösterer

**Name of the Vulnerable Software and Affected Versions** TYPO3 versions 4.5.x through 4.5.18 TYPO3 versions 4.6.x through 4.6.11 TYPO3 versions 4.7.x through 4.7.3 **Description** The issue allows remote attackers to conduct cross-site scripting (XSS) attacks via certain HTML5 JavaScript events, due to an incomplete blacklist vulnerability in the `t3lib div::quoteJSvalue` API function. **Recommendations** For versions 4.5.x through 4.5.18, update to version 4.5.19 or later. For versions 4.6.x through 4.6.11, update to version 4.6.12 or later. For versions 4.7.x through 4.7.3, update to version 4.7.4 or later.