Vulnerability ID 5013

TYPO3 up to 4.6.6 HTML Sanitizing t3lib_div::RemoveXSS() cross site scripting


A vulnerability classified as critical has been found in TYPO3 up to 4.6.6. It affects the function t3lib_div::RemoveXSS() of the component HTML Sanitizing. Manipulation with unknown input leads to a cross site scripting vulnerability, with an impact on confidentiality, integrity, and availability. The summary by CVE is:

The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non printable characters.

The weakness was presented on 03/28/2012 by Chris John Riley. The advisory is shared for download at This vulnerability has been uniquely identified as CVE-2012-1608 since 03/12/2012. Exploitation is rated as easy. The attack can be initiated remotely, and no form of authentication is needed for exploitation. Technical details are known, but no exploit is available.

The vulnerability scanner Nessus provides a plugin with the ID 58541 (Debian DSA-2445-1 : typo3-src - several vulnerabilities), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Debian Local Security Checks.

Upgrading to version 4.4.14, 4.5.14 or 4.6.7 eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability.

The vulnerability is also documented in the databases at SecurityFocus (BID 52771), X-Force (74552), Secunia (SA48622) and Vulnerability Center (SBV-40298). Entries connected to this vulnerability are available at 5010, 5011 and 5012.


CVSSv3 Base Score: 8.8
CVSSv3 Temp Score: 8.4
CVSSv3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:X/RL:O/RC:X
Reliability: High

CVSSv2 Base Score: 10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSSv2 Temp Score: 8.7 (CVSS2#E:ND/RL:OF/RC:ND)
Reliability: High
Class: Cross site scripting (CWE-20)
Local: No
Remote: Yes

Availability: No

Current Price Estimation: $10k-$25k (0-day) / $0-$1k (Today)


Nessus ID: 58541
Nessus Name: Debian DSA-2445-1 : typo3-src - several vulnerabilities
Nessus File: debian_DSA-2445.nasl
Nessus Family: Debian Local Security Checks
OpenVAS ID: 71247
OpenVAS Name: Debian Security Advisory DSA 2445-1 (typo3-src)
OpenVAS File: deb_2445_1.nasl
OpenVAS Family: Debian Local Security Checks


Recommended: Upgrade
Status: Official fix
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known

Upgrade: TYPO3 4.4.14, 4.5.14, 4.6.7


03/12/2012 CVE assigned
03/28/2012 +16 days Advisory disclosed
03/28/2012 +0 days Countermeasure disclosed
03/28/2012 +0 days VulnerabilityCenter entry assigned
03/30/2012 +2 days OSVDB entry created
04/04/2012 +5 days VulDB entry created
09/04/2012 +153 days NVD disclosed
07/03/2013 +302 days VulnerabilityCenter entry created
07/09/2015 +736 days VulDB entry updated


Researcher: Chris John Riley

CVE: CVE-2012-1608

SecurityFocus: 52771 - TYPO3 Core TYPO3-CORE-SA-2012-001 Multiple Remote Security Vulnerabilities
Secunia: 48622 - TYPO3 Multiple Vulnerabilities, Moderately Critical
X-Force: 74552
Vulnerability Center: 40298 - TYPO3 Multiple Versions Remote Cross-Site Scripting Vulnerability Related to the t3lib_div::RemoveXSS API Method, Medium
OSVDB: 80762 - TYPO3 HTML Sanitizing API t3lib_div::RemoveXSS() Method XSS Weakness

See also: 5010, 5011, 5012


Created: 04/04/2012
Updated: 07/09/2015
Entry: 86.9% complete