Lucene search
GitHub Advisory DatabaseGHSA-7Q33-HXWJ-7P8VHistoryJun 07, 2024 - 7:44 p.m.
TYPO3 Cross-Site Scripting in Backend Modal Component
2024-06-0719:44:49
CWE-79
GitHub Advisory Database
github.com
4
typo3
backend
cross-site scripting
user input
modal component
vulnerability
AI Score
6.7
Confidence
High
Failing to properly encode user input, notifications shown in modal windows in the TYPO3 backend are vulnerable to cross-site scripting. A valid backend user account is needed in order to exploit this vulnerability.
Affected configurations
Node
typo3typo3_cmsRange9.0.0–9.5.2
ORtypo3typo3_cmsRange8.0.0–8.7.21
ORtypo3typo3_cmsRange7.0.0–7.6.32
References
github.com/advisories/GHSA-7q33-hxwj-7p8v
github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-2.yaml
github.com/TYPO3/typo3/commit/02cd5c97228cba477d16c68e28309ce25c433ce9
github.com/TYPO3/typo3/commit/89a38ad0ef9411745954f53f29bea5b8ce81cd32
github.com/TYPO3/typo3/commit/c35646c3f7795a4a7b0046a88f146b490fa4883c
typo3.org/security/advisory/typo3-core-sa-2018-007
AI Score
6.7
Confidence
High