Cross-Site Scripting in TYPO3 CMS

2024-06-0517:05:47

CWE-79

GitHub Advisory Database

github.com

cross-site scripting

typo3 cms

user input encoding

7 High

AI Score

Confidence

High

Failing to properly encode user input, several places of the TYPO3 CMS are vulnerable to Cross-Site Scripting.

Affected configurations

Vulners

Node

typo3cms_poll_system_extensionRange<8.6.1

typo3cms_poll_system_extensionRange<7.6.16

CPENameOperatorVersion
typo3/cmslt8.6.1
typo3/cmslt7.6.16

CPE	Name	Operator	Version
	typo3/cms	lt	8.6.1
	typo3/cms	lt	7.6.16

github.com/advisories/GHSA-5gr6-97fv-52cc

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2017-02-28-2.yaml

typo3.org/security/advisory/typo3-core-sa-2017-003

7 High

AI Score

Confidence

High