brotkrueml/schema fails to properly encode user input for output in HTML context, leading to XSS

2022-06-1721:46:14

Google

osv.dev

0.001 Low

EPSS

Percentile

22.9%

JSON

The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability.

CPENameOperatorVersion
brotkrueml/schemaeq2.2.2
brotkrueml/schemaeq2.2.0
brotkrueml/schemaeq0.6.0
brotkrueml/schemaeq1.12.0
brotkrueml/schemaeq1.4.2
brotkrueml/schemaeq2.5.0
brotkrueml/schemaeq0.3.0
brotkrueml/schemaeq0.8.1
brotkrueml/schemaeq1.10.0
brotkrueml/schemaeq1.5.0

Name	Operator	Version
brotkrueml/schema	eq	2.2.2
brotkrueml/schema	eq	2.2.0
brotkrueml/schema	eq	0.6.0
brotkrueml/schema	eq	1.12.0
brotkrueml/schema	eq	1.4.2
brotkrueml/schema	eq	2.5.0
brotkrueml/schema	eq	0.3.0
brotkrueml/schema	eq	0.8.1
brotkrueml/schema	eq	1.10.0
brotkrueml/schema	eq	1.5.0