Candidate: CVE-2012-1608
PublicDate: 2012-09-04 20:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1608
 http://www.openwall.com/lists/oss-security/2012/03/29
 http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/
Description:
 The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0
 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers
 to bypass the cross-site scripting (XSS) protection mechanism and inject
 arbitrary web script or HTML via non printable characters.
Ubuntu-Description:
Notes:
 tyhicks> Affected Versions: 4.4.0 up to 4.4.13, 4.5.0 up to 4.5.13, 4.6.0 up to 4.6.6
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_typo3-src:
upstream_typo3-src: released (4.5.14+dfsg1-1)
hardy_typo3-src: ignored (reached end-of-life)
lucid_typo3-src: ignored (reached end-of-life)
maverick_typo3-src: ignored (reached end-of-life)
natty_typo3-src: released (4.3.9+dfsg1-1+squeeze3build0.11.04.1)
oneiric_typo3-src: ignored (reached end-of-life)
precise_typo3-src: ignored (reached end-of-life)
precise/esm_typo3-src: DNE (precise was needed)
quantal_typo3-src: ignored (reached end-of-life)
raring_typo3-src: ignored (reached end-of-life)
saucy_typo3-src: ignored (reached end-of-life)
trusty_typo3-src: not-affected (4.5.32+dfsg1-1)
trusty/esm_typo3-src: DNE (trusty was not-affected [4.5.32+dfsg1-1])
utopic_typo3-src: ignored (reached end-of-life)
vivid_typo3-src: ignored (reached end-of-life)
vivid/stable-phone-overlay_typo3-src: DNE
vivid/ubuntu-core_typo3-src: DNE
wily_typo3-src: DNE
xenial_typo3-src: DNE
yakkety_typo3-src: DNE
zesty_typo3-src: DNE
artful_typo3-src: DNE
bionic_typo3-src: DNE
devel_typo3-src: DNE