Moderate severityNVD Advisory· Published Sep 4, 2012· Updated Apr 29, 2026
CVE-2012-1608
CVE-2012-1608
Description
The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non printable characters.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
typo3/cmsPackagist | >= 4.4.0, < 4.4.14 | 4.4.14 |
typo3/cmsPackagist | >= 4.5.0, < 4.5.14 | 4.5.14 |
typo3/cmsPackagist | >= 4.6.0, < 4.6.7 | 4.6.7 |
Affected products
38cpe:2.3:a:typo3:typo3:4.4.0:*:*:*:*:*:*:*+ 36 more
- cpe:2.3:a:typo3:typo3:4.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.7:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:6.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- secunia.com/advisories/48647nvdVendor Advisory
- typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/nvdVendor Advisory
- github.com/advisories/GHSA-w3v6-r62r-fvqhghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2012-1608ghsaADVISORY
- typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001ghsaWEB
- www.debian.org/security/2012/dsa-2445nvdWEB
- www.openwall.com/lists/oss-security/2012/03/30/4nvdWEB
- web.archive.org/web/20120527123559/http://www.securityfocus.com/bid/52771ghsaWEB
- www.osvdb.org/80762nvd
- www.securityfocus.com/bid/52771nvd
News mentions
0No linked articles in our index yet.