TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering

🗓️ 08 Feb 2023 21:33:24Reported by GitHub Advisory DatabaseType

TYPO3 Cross-Site Scripting vulnerability fi

Reporter	Title	Published	Views	Family All 19
Circl	CVE-2023-24814	7 Feb 202322:23	–	circl
CNNVD	TYPO3 跨站脚本漏洞	7 Feb 202300:00	–	cnnvd
CVE	CVE-2023-24814	7 Feb 202318:14	–	cve
Cvelist	CVE-2023-24814 Persisted Cross-Site Scripting in Frontend Rendering in typo3	7 Feb 202318:14	–	cvelist
EUVD	EUVD-2023-0784	3 Oct 202520:07	–	euvd
Friends Of PHP	TYPO3-CORE-SA-2023-001: Persisted Cross-Site Scripting in Frontend Rendering	7 Feb 202309:24	–	friendsofphp
Friends Of PHP	TYPO3-CORE-SA-2023-001: Persisted Cross-Site Scripting in Frontend Rendering	7 Feb 202309:24	–	friendsofphp
NVD	CVE-2023-24814	7 Feb 202319:15	–	nvd
OpenVAS	TYPO3 XSS Vulnerability (TYPO3-core-sa-2023-001)	8 Feb 202300:00	–	openvas
OSV	BIT-TYPO3-2023-24814	6 Mar 202411:08	–	osv

Vulners

Node

typo3 cms-coreRange8.7.0–8.7.51composer

typo3 cms-coreRange9.0.0–9.5.40composer

typo3 cms-coreRange10.0.0–10.4.36composer

typo3 cms-coreRange11.0.0–11.5.23composer

typo3 cms-coreRange12.0.0–12.2.0composer

Source	Link
github	www.github.com/TYPO3/typo3/security/advisories/GHSA-r4f8-f93x-5qh3
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-24814
github	www.github.com/TYPO3/typo3/commit/0005a6fd86ab97eff8bf2e3a5828bf0e7cb6263a
docs	www.docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Setup/Config/Index.html
github	www.github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2023-24814.yaml
github	www.github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/core/Classes/Utility/GeneralUtility.php
github	www.github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php
typo3	www.typo3.org/security/advisory/typo3-core-sa-2023-001
typo3	www.typo3.org/security/advisory/typo3-psa-2023-001
github	www.github.com/advisories/GHSA-r4f8-f93x-5qh3