Typo3 Cross-Site Scripting in Language Pack Handling

2024-06-0517:23:19

Google

osv.dev

typo3

language pack

xss

vulnerability

install tool

6.4 Medium

AI Score

Confidence

High

JSON

Failing to properly encode information from external sources, language pack handling in the install tool is vulnerable to cross-site scripting.

CPENameOperatorVersion
typo3/cmseq9.0.0
typo3/cmseq9.3.0
typo3/cmseq9.3.1
typo3/cmseq9.4.0
typo3/cmseq9.5.2
typo3/cmseq9.3.3
typo3/cmseq9.5.3
typo3/cmseq9.2.0
typo3/cmseq9.5.0
typo3/cmseq9.5.1

Name	Operator	Version
typo3/cms	eq	9.0.0
typo3/cms	eq	9.3.0
typo3/cms	eq	9.3.1
typo3/cms	eq	9.4.0
typo3/cms	eq	9.5.2
typo3/cms	eq	9.3.3
typo3/cms	eq	9.5.3
typo3/cms	eq	9.2.0
typo3/cms	eq	9.5.0
typo3/cms	eq	9.5.1

Rows per page:

1-10 of 131

References

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-01-22-8.yaml

github.com/TYPO3/typo3

typo3.org/security/advisory/typo3-core-sa-2019-004

6.4 Medium

AI Score

Confidence

High

JSON