CVE-2012-6148

NameCVE-2012-6148
DescriptionCross-site scripting (XSS) vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs692775

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
typo3-srcsourcesqueeze(not affected)
typo3-srcsource(unstable)4.5.19+dfsg1-4692775

Notes

[squeeze] - typo3-src <not-affected> (Vulnerable code not present)
https://review.typo3.org/16300
Search for package or bug name: Reporting problems