Lucene search
GitHub Advisory DatabaseGHSA-4PPR-JW47-9QM5HistoryMay 30, 2024 - 6:32 p.m.
TYPO3 Cross-Site Scripting in Link Handling
2024-05-3018:32:51
CWE-79
GitHub Advisory Database
github.com
4
typo3
cross-site scripting
link handling
url
backend forms
frontend extensions
vulnerability
6.7 Medium
AI Score
Confidence
High
It has been discovered that t3:// URL handling and typolink functionality are vulnerable to cross-site scripting. Not only regular backend forms are affected but also frontend extensions which use the rendering with typolink.
Affected configurations
Node
typo3cms_poll_system_extensionRange<9.5.12
ORtypo3cms_poll_system_extensionRange<8.7.30
ORtypo3cms_poll_system_extensionRange<10.2.1
| CPE | Name | Operator | Version |
|---|---|---|---|
| typo3/cms-core | lt | 9.5.12 | |
| typo3/cms-core | lt | 8.7.30 | |
| typo3/cms-core | lt | 10.2.1 |
References
github.com/advisories/GHSA-4ppr-jw47-9qm5
github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2019-12-17-2.yaml
github.com/TYPO3-CMS/core/commit/280908c9472aa5e1d9ee005327bbb9aed53f613a
github.com/TYPO3-CMS/core/commit/89f5817c09a50d8d60821158d651bd618521164e
github.com/TYPO3-CMS/core/commit/d2823a451d65ac59dd42ec54c92903d70d29c813
typo3.org/security/advisory/typo3-core-sa-2019-022
6.7 Medium
AI Score
Confidence
High