CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
EPSS
Percentile
25.1%
> ### Meta
> * CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C
(5.0)
It has been discovered that the FileDumpController
(backend and frontend context) is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account is needed to exploit this vulnerability.
Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem described above.
Thanks to Vautia who reported this issue and to TYPO3 core & security team member Oliver Hader who fixed the issue.
github.com/advisories/GHSA-9c6w-55cp-5w25
github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36107.yaml
github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36107.yaml
github.com/TYPO3/typo3/commit/546208428c861a09d62b86cde141eb19a81fae66
github.com/TYPO3/typo3/commit/bd58d2ff2eeef89e63ef754a2389597d22622a39
github.com/TYPO3/typo3/security/advisories/GHSA-9c6w-55cp-5w25
nvd.nist.gov/vuln/detail/CVE-2022-36107
typo3.org/security/advisory/typo3-core-sa-2022-009