TYPO3 Cross-Site Scripting in Form Framework validation handling

2024-06-0718:26:07

CWE-79

GitHub Advisory Database

github.com

typo3

form framework

cross-site scripting

validation handling

software vulnerability

6.7 Medium

AI Score

Confidence

High

It has been discovered that the output of field validation errors in the Form Framework is vulnerable to cross-site scripting.

Affected configurations

Vulners

Node

typo3cms_poll_system_extensionRange<9.5.12

typo3cms_poll_system_extensionRange<8.7.30

typo3cms_poll_system_extensionRange<10.2.1

CPENameOperatorVersion
typo3/cmslt9.5.12
typo3/cmslt8.7.30
typo3/cmslt10.2.1

Name	Operator	Version
typo3/cms	lt	9.5.12
typo3/cms	lt	8.7.30
typo3/cms	lt	10.2.1

github.com/advisories/GHSA-v8m4-3w37-ghxx

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-12-17-1.yaml

github.com/TYPO3/typo3/commit/966a0038c16c04d484c1703fba9fdc13f3e7a95c

github.com/TYPO3/typo3/commit/9692bf83f8310cca17c9a968c4fe92ffe0deb59d

github.com/TYPO3/typo3/commit/e971b012c837f1e64c1498b567ef6eec304febe5

typo3.org/security/advisory/typo3-core-sa-2019-021

6.7 Medium

AI Score

Confidence

High