Candidate: CVE-2012-3528
PublicDate: 2012-09-05 23:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3528
 http://typo3.org/support/teams-security-security-bulletins/security-bulletins-single-view/article/several-vulnerabilities-in-typo3-core/
Description:
 Multiple cross-site scripting (XSS) vulnerabilities in the backend in TYPO3
 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allow
 remote authenticated backend users to inject arbitrary web script or HTML
 via unspecified vectors.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685011
Priority: medium
Discovered-by: Pavel Vaysband, Markus Bucher, Susanne Moog, and Jan Bednarik
Assigned-to:
CVSS: 

Patches_typo3-src:
upstream_typo3-src: released (4.5.19+dfsg1-1)
hardy_typo3-src: ignored (reached end-of-life)
lucid_typo3-src: ignored (reached end-of-life)
natty_typo3-src: released (4.3.9+dfsg1-1+squeeze5build0.11.04.1)
oneiric_typo3-src: ignored (reached end-of-life)
precise_typo3-src: ignored (reached end-of-life)
precise/esm_typo3-src: DNE (precise was needed)
quantal_typo3-src: not-affected (4.5.19+dfsg1-1)
raring_typo3-src: not-affected (4.5.19+dfsg1-1)
saucy_typo3-src: not-affected (4.5.19+dfsg1-1)
trusty_typo3-src: not-affected (4.5.19+dfsg1-1)
trusty/esm_typo3-src: DNE (trusty was not-affected [4.5.19+dfsg1-1])
utopic_typo3-src: not-affected (4.5.19+dfsg1-1)
vivid_typo3-src: not-affected (4.5.19+dfsg1-1)
vivid/stable-phone-overlay_typo3-src: DNE
vivid/ubuntu-core_typo3-src: DNE
wily_typo3-src: DNE
xenial_typo3-src: DNE
yakkety_typo3-src: DNE
zesty_typo3-src: DNE
devel_typo3-src: DNE