TYPO3 Cross-Site Scripting in Form Framework validation handling

2024-05-3018:31:36

CWE-79

GitHub Advisory Database

github.com

cross-site scripting

field validation

typo3

software vulnerability

6.7 Medium

AI Score

Confidence

High

It has been discovered that the output of field validation errors in the Form Framework is vulnerable to cross-site scripting.

Affected configurations

Vulners

Node

typo3cms_poll_system_extensionRange<9.5.12

typo3cms_poll_system_extensionRange<8.7.30

typo3cms_poll_system_extensionRange<10.2.1

CPENameOperatorVersion
typo3/cms-corelt9.5.12
typo3/cms-corelt8.7.30
typo3/cms-corelt10.2.1

Name	Operator	Version
typo3/cms-core	lt	9.5.12
typo3/cms-core	lt	8.7.30
typo3/cms-core	lt	10.2.1

github.com/advisories/GHSA-95qm-3xp7-vfj5

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2019-12-17-1.yaml

typo3.org/security/advisory/typo3-core-sa-2019-021

6.7 Medium

AI Score

Confidence

High