TYPO3 CMS has Cross-Site Scripting in Indexed Search

🗓️ 12 Jun 2026 19:06:52Reported by GitHub Advisory DatabaseType

TYPO3 Indexed Search vulnerability allows cross-site scripting from unsanitized page titles stored in the index; fixed in versions 13.4.31 LTS and 14.3.3 LTS.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2026-47348	10 Jun 202613:15	–	circl
CVE	CVE-2026-47348	9 Jun 202610:51	–	cve
Cvelist	CVE-2026-47348 TYPO3 CMS - Cross-Site Scripting in Indexed Search	9 Jun 202610:51	–	cvelist
EUVD	EUVD-2026-35395	12 Jun 202619:06	–	euvd
Friends Of PHP	TYPO3-CORE-SA-2026-010: Cross-Site Scripting in Indexed Search	9 Jun 202608:57	–	friendsofphp
NVD	CVE-2026-47348	9 Jun 202611:16	–	nvd
OSV	GHSA-CG75-QFG2-W9HJ TYPO3 CMS has Cross-Site Scripting in Indexed Search	12 Jun 202619:06	–	osv
Positive Technologies	PT-2026-47741	9 Jun 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-47348	10 Jun 202615:00	–	redhatcve
Vulnrichment	CVE-2026-47348 TYPO3 CMS - Cross-Site Scripting in Indexed Search	9 Jun 202610:51	–	vulnrichment

Vulners

Node

typo3 cms-indexed-searchRange14.0.0–14.3.3composer

typo3 cms-indexed-searchRange13.0.0–13.4.31composer

typo3 cms-coreRange14.0.0–14.3.3composer

typo3 cms-coreRange13.0.0–13.4.31composer

Source	Link
github	www.github.com/TYPO3/typo3/security/advisories/GHSA-cg75-qfg2-w9hj
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-47348
github	www.github.com/TYPO3/typo3/commit/2e96dd0e9fab7ad877b741fb9f6fc645b4270a3e
github	www.github.com/TYPO3/typo3/commit/8004b91a5951cfe01dda8554f77d0daa82d6b899
github	www.github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2026-47348.yaml
typo3	www.typo3.org/security/advisory/typo3-core-sa-2026-010
github	www.github.com/advisories/GHSA-cg75-qfg2-w9hj

12 Jun 2026 19:06Current

5.2Medium risk

Vulners AI Score5.2

CVSS 45.1

EPSS0.00044

SSVC

CWE-79