Candidate: CVE-2012-1606
PublicDate: 2012-09-04 20:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1606
 http://www.openwall.com/lists/oss-security/2012/03/29
 http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/
Description:
 Multiple cross-site scripting (XSS) vulnerabilities in the Backend
 component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0
 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to
 inject arbitrary web script or HTML via unspecified vectors.
Ubuntu-Description:
Notes:
 tyhicks> Affected Versions: 4.4.0 up to 4.4.13, 4.5.0 up to 4.5.13, 4.6.0 up to 4.6.6
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_typo3-src:
upstream_typo3-src: released (4.5.14+dfsg1-1)
hardy_typo3-src: ignored (reached end-of-life)
lucid_typo3-src: ignored (reached end-of-life)
maverick_typo3-src: ignored (reached end-of-life)
natty_typo3-src: released (4.3.9+dfsg1-1+squeeze3build0.11.04.1)
oneiric_typo3-src: ignored (reached end-of-life)
precise_typo3-src: ignored (reached end-of-life)
precise/esm_typo3-src: DNE (precise was needed)
quantal_typo3-src: ignored (reached end-of-life)
raring_typo3-src: ignored (reached end-of-life)
saucy_typo3-src: ignored (reached end-of-life)
trusty_typo3-src: not-affected (4.5.32+dfsg1-1)
trusty/esm_typo3-src: DNE (trusty was not-affected [4.5.32+dfsg1-1])
utopic_typo3-src: ignored (reached end-of-life)
vivid_typo3-src: ignored (reached end-of-life)
vivid/stable-phone-overlay_typo3-src: DNE
vivid/ubuntu-core_typo3-src: DNE
wily_typo3-src: DNE
xenial_typo3-src: DNE
yakkety_typo3-src: DNE
zesty_typo3-src: DNE
artful_typo3-src: DNE
bionic_typo3-src: DNE
devel_typo3-src: DNE