TYPO3 Cross-Site Scripting in Fluid ViewHelpers

2024-06-0717:08:39

Google

osv.dev

typo3

cross-site scripting

fluid viewhelpers

user input

encoding

vulnerability

6.7 Medium

AI Score

Confidence

High

JSON

Failing to properly encode user input, templates using built-in Fluid ViewHelpers are vulnerable to cross-site scripting.

CPENameOperatorVersion
typo3/cmseq9.3.3
typo3/cmseq8.7.12
typo3/cmseq8.6.1
typo3/cmseq9.1.0
typo3/cmseq8.4.1
typo3/cmseq8.7.5
typo3/cmseq8.1.2
typo3/cmseq8.7.21
typo3/cmseq8.3.0
typo3/cmseq8.7.7

Name	Operator	Version
typo3/cms	eq	9.3.3
typo3/cms	eq	8.7.12
typo3/cms	eq	8.6.1
typo3/cms	eq	9.1.0
typo3/cms	eq	8.4.1
typo3/cms	eq	8.7.5
typo3/cms	eq	8.1.2
typo3/cms	eq	8.7.21
typo3/cms	eq	8.3.0
typo3/cms	eq	8.7.7

Rows per page:

1-10 of 511

References

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-01-22-4.yaml

github.com/TYPO3/typo3

github.com/TYPO3/typo3/commit/732c4acfaeaa7fd193674cd4d1ca7e369e21b96f

github.com/TYPO3/typo3/commit/c94f566514eaff62dd836541c99b438ac55f6842

typo3.org/security/advisory/typo3-core-sa-2019-005

6.7 Medium

AI Score

Confidence

High

JSON