Lucene search

K

GoogleOSV:GHSA-6XWF-7RFM-4GWC

HistoryMay 30, 2024 - 6:35 p.m.

TYPO3 Cross-Site Scripting in Filelist Module

2024-05-3018:35:47

Google

osv.dev

5

typo3

cross-site scripting

filelist module

output table

files backend

file extension

malicious sequences

file system

server

AI Score

6.5

Confidence

High

It has been discovered that the output table listing in the “Files” backend module is vulnerable to cross-site scripting when a file extension contains malicious sequences.

Access to the file system of the server - either directly or through synchronization - is required to exploit the vulnerability.

References

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2019-12-17-3.yaml

github.com/TYPO3-CMS/core

typo3.org/security/advisory/typo3-core-sa-2019-023

AI Score

6.5

Confidence

High