BIT-TYPO3-2021-32669

TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When settings for backend layouts are not properly encoded, the corresponding grid view is vulnerable to...

GHSA-RGCG-28XM-8MMW Cross-Site Scripting in Backend Grid View

Problem Failing to properly encode settings for backend layouts, the corresponding grid view is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. Solution Update to TYPO3 versions 8.7.41 ELTS, 9.5.28, 10.4.18, 11.3.1 that fix the...

Cross-Site Scripting in Backend Grid View

Problem Failing to properly encode settings for backend layouts, the corresponding grid view is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. Solution Update to TYPO3 versions 8.7.41 ELTS, 9.5.28, 10.4.18, 11.3.1 that fix the...

Cross-Site Scripting (XSS)

typo3/cms is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute arbitrary Javascript in a user's browser via backend layouts...

PT-2021-3863 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions 9.0.0 through 9.5.28 TYPO3 versions 10.0.0 through 10.4.17 TYPO3 versions 11.0.0 through 11.3.0 Description: The issue is related to the failure to properly encode settings for backend layouts, making the corresponding grid vie...

Cross-Site Scripting in Backend Grid View

Failing to properly encode settings for backend layouts, the corresponding grid view is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability...