Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-HQ37-RFJC-MR8H
HistoryJun 05, 2024 - 3:03 p.m.

Cross-Site Scripting (XSS) in TYPO3 Backend

2024-06-0515:03:28
CWE-79
GitHub Advisory Database
github.com
4
cross-site scripting
typo3
backend
user input
encoding
vulnerability
exploit
user account
edit plugins

AI Score

7

Confidence

High

JSON

Failing to properly encode user input, the page module is vulnerable to Cross-Site Scripting. A valid backend user account with permissions to edit plugins is needed to exploit this vulnerability.

Affected configurations

Vulners
Node
typo3typo3_cmsRange8.0.08.3.1
OR
typo3typo3_cmsRange7.6.07.6.11
OR
typo3typo3_cmsRange6.2.06.2.27
VendorProductVersionCPE
typo3typo3_cms*cpe:2.3:a:typo3:typo3_cms:*:*:*:*:*:*:*:*

AI Score

7

Confidence

High

JSON