Code injection

2022-06-1421:15:00

PRIOn knowledge base

www.prio-n.com

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.1%

JSON

TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, user submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were mail clients used to view those messages. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem.

CPENameOperatorVersion
typo3ge11.0.0
typo3lt11.5.11
typo3ge10.0.0
typo3lt10.4.29
typo3ge9.0.0
typo3lt9.5.35

Name	Operator	Version
typo3	ge	11.0.0
typo3	lt	11.5.11
typo3	ge	10.0.0
typo3	lt	10.4.29
typo3	ge	9.0.0
typo3	lt	9.5.35

References

github.com/TYPO3/typo3/commit/da611775f92102d7602713003f4c79606c8a445d

github.com/TYPO3/typo3/security/advisories/GHSA-h4mx-xv96-2jgm

typo3.org/security/advisory/typo3-core-sa-2022-004