TYPO3 Cross-Site Scripting in Form Framework

2024-05-3016:16:16

CWE-79

GitHub Advisory Database

github.com

typo3

cross-site scripting

form framework

frontend

system extension

6.9 Medium

AI Score

Confidence

High

Failing to properly encode user input, frontend forms handled by the form framework (system extension “form”) are vulnerable to cross-site scripting.

Affected configurations

Vulners

Node

typo3cms_poll_system_extensionRange<9.5.4

typo3cms_poll_system_extensionRange<8.7.23

CPENameOperatorVersion
typo3/cms-corelt9.5.4
typo3/cms-corelt8.7.23

CPE	Name	Operator	Version
	typo3/cms-core	lt	9.5.4
	typo3/cms-core	lt	8.7.23

github.com/advisories/GHSA-4459-qrcc-vfcf

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2019-01-22-6.yaml

github.com/TYPO3-CMS/core/commit/3b8b8b4416b921df4ccc7c5b4a8e9a069562be35

github.com/TYPO3-CMS/core/commit/a0e917008320e24c26780ba385fbfe738fcd45b9

typo3.org/security/advisory/typo3-core-sa-2019-007

6.9 Medium

AI Score

Confidence

High