Multiple Cross-Site Scripting vulnerabilities in TYPO3 backend

2024-06-0314:29:56

GitHub Advisory Database

github.com

cross-site scripting

typo3

backend

user input

encoding

vulnerabilities

html

javascript

authenticated editors

6.8 Medium

AI Score

Confidence

High

JSON

Failing to properly encode user input, several backend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML or JavaScript.

Affected configurations

Vulners

Node

typo3cms_poll_system_extensionRange<7.6.1

typo3cms_poll_system_extensionRange<6.2.16

CPENameOperatorVersion
typo3/cmslt7.6.1
typo3/cmslt6.2.16

CPE	Name	Operator	Version
	typo3/cms	lt	7.6.1
	typo3/cms	lt	6.2.16

References

github.com/advisories/GHSA-5cxf-xx9j-54jc

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-12-15-1.yaml

typo3.org/security/advisory/typo3-core-sa-2015-011

typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011

6.8 Medium

AI Score

Confidence

High

JSON