Failing to properly encode user input, login status display is vulnerable to cross-site scripting in the website frontend. A valid user account is needed in order to exploit this vulnerability - either a backend user or a frontend user having the possibility to modify their user profile.
Template patterns that are affected are
CPE | Name | Operator | Version |
---|---|---|---|
typo3/cms-core | lt | 7.6.32 | |
typo3/cms-core | lt | 9.5.2 | |
typo3/cms-core | lt | 8.7.21 |