GoogleOSV:GHSA-HW6C-6GWQ-3M3MTYPO3 vulnerable to Cross-Site Scripting in the ShowImageController
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.0004 Low
EPSS
Percentile
15.5%
Problem
Failing to properly encode user-controlled values in file entities, the ShowImageController (eID tx_cms_showpic) is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user account with access to file entities.
Solution
Update to TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, 13.1.1 that fix the problem described.
Credits
Thanks to TYPO3 security team member Torben Hansen who reported this issue and to TYPO3 core & security team member Oliver Hader who fixed the issue.
References
References
github.com/TYPO3/typo3
github.com/TYPO3/typo3/commit/376474904f6b9a54dc1b785a2e45277cbd13b0d7
github.com/TYPO3/typo3/commit/b31d05d1da3eeaeead2d19eb43b1c3f9c88e15ee
github.com/TYPO3/typo3/commit/d774642381354d3bf5095a5a26e18acd2767f0b1
github.com/TYPO3/typo3/security/advisories/GHSA-hw6c-6gwq-3m3m
nvd.nist.gov/vuln/detail/CVE-2024-34357
typo3.org/security/advisory/typo3-core-sa-2024-009
Related
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.0004 Low
EPSS
Percentile
15.5%