CVE-2021-21370 Cross-Site Scripting in Content Preview (CType menu)

🗓️ 23 Mar 2021 01:55:12Reported by GitHub_MType

TYPO3 versions before 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 allow Cross-Site Scripting in Content Preview (CType menu

Reporter	Title	Published	Views	Family All 18
Circl	CVE-2021-21370	23 Mar 202106:38	–	circl
CNNVD	TYPO3 跨站脚本漏洞	16 Mar 202100:00	–	cnnvd
CNVD	TYPO3 cross-site scripting vulnerability (CNVD-2021-22140)	23 Mar 202100:00	–	cnvd
CVE	CVE-2021-21370	23 Mar 202101:55	–	cve
EUVD	EUVD-2021-0723	7 Oct 202500:30	–	euvd
Friends Of PHP	TYPO3-CORE-SA-2021-008: Cross-Site Scripting in Content Preview	16 Mar 202108:58	–	friendsofphp
Friends Of PHP	TYPO3-CORE-SA-2021-008: Cross-Site Scripting in Content Preview	16 Mar 202108:58	–	friendsofphp
Github Security Blog	Cross-Site Scripting in Content Preview (CType menu)	23 Mar 202101:54	–	github
NCSC	Vulnerabilities fixed in TYPO3	16 Mar 202100:00	–	ncsc
NVD	CVE-2021-21370	23 Mar 202102:15	–	nvd

[
  {
    "product": "TYPO3.CMS",
    "vendor": "TYPO3",
    "versions": [
      {
        "status": "affected",
        "version": ">= 7.0.0, <= 7.6.50"
      },
      {
        "status": "affected",
        "version": ">= 8.0.0, <= 8.7.39"
      },
      {
        "status": "affected",
        "version": ">= 9.0.0, <= 9.5.24"
      },
      {
        "status": "affected",
        "version": ">= 10.0.0, <= 10.4.13"
      },
      {
        "status": "affected",
        "version": ">= 11.0.0, <= 11.1.0"
      }
    ]
  }
]

Source	Link
github	www.github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x7hc-x7fm-f7qh
packagist	www.packagist.org/packages/typo3/cms-backend
typo3	www.typo3.org/security/advisory/typo3-core-sa-2021-008

23 Mar 2021 01:55Current

5.4Medium risk

Vulners AI Score5.4

CVSS 3.15.4

EPSS0.00872

CWE-79