CVE-2022-31048

🗓️ 14 Jun 2022 20:50:18Reported by GitHub_MType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 90 Views

TYPO3 Form Designer backend module vulnerable to XS

Reporter	Title	Published	Views	Family All 18
Circl	CVE-2022-31048	15 Jun 202200:19	–	circl
CNNVD	TYPO3 跨站脚本漏洞	14 Jun 202200:00	–	cnnvd
Cvelist	CVE-2022-31048 Cross-Site Scripting in Form Framework	14 Jun 202220:50	–	cvelist
EUVD	EUVD-2022-5911	3 Oct 202520:07	–	euvd
Friends Of PHP	TYPO3-CORE-SA-2022-003: Cross-Site Scripting in Form Framework	14 Jun 202207:11	–	friendsofphp
Friends Of PHP	TYPO3-CORE-SA-2022-003: Cross-Site Scripting in Form Framework	14 Jun 202207:11	–	friendsofphp
Github Security Blog	Cross-Site Scripting in TYPO3's Form Framework	17 Jun 202220:55	–	github
NCSC	Vulnerabilities fixed in TYPO3	14 Jun 202200:00	–	ncsc
NVD	CVE-2022-31048	14 Jun 202221:15	–	nvd
OpenVAS	TYPO3 XSS Vulnerability (TYPO3-CORE-SA-2022-003)	15 Jun 202200:00	–	openvas

NVD

Vulners

Node

typo3 typo3Range8.0.0–8.7.47elts

typo3 typo3Range9.0.0–9.5.35elts

typo3 typo3Range10.0.0–10.4.29

typo3 typo3Range11.0.0–11.5.11

[
  {
    "product": "typo3",
    "vendor": "TYPO3",
    "versions": [
      {
        "status": "affected",
        "version": ">= 8.0.0, < 8.7.47"
      },
      {
        "status": "affected",
        "version": ">= 9.0.0, < 9.5.34"
      },
      {
        "status": "affected",
        "version": ">= 10.0.0, < 10.4.29"
      },
      {
        "status": "affected",
        "version": ">= 11.0.0, < 11.5.11"
      }
    ]
  }
]

Source	Link
github	www.github.com/TYPO3/typo3/security/advisories/GHSA-3r95-23jp-mhvg
typo3	www.typo3.org/security/advisory/typo3-core-sa-2022-003
github	www.github.com/TYPO3/typo3/commit/6f2554dc4ea0b670fd5599c54fd788d4db96c4a0