CVE-2012-3530

Description

Incomplete blacklist vulnerability in the `t3lib_div::quoteJSvalue` API function in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain HTML5 JavaScript events.

How to fix CVE-2012-3530

To remediate CVE-2012-3530, upgrade the affected package to a fixed version below.

• Packagist/typo3/cms—upgrade to 4.5.19 or later

Is CVE-2012-3530 being exploited?

Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• >= 4.5, < 4.5.19

References (5)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2012-3530
• WEBexchange.xforce.ibmcloud.com/vulnerabilities/77794
• WEBtypo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004
• WEBwww.debian.org/security/2012/dsa-2537