CVE-2018-6905
CVE-2018-6905 affects TYPO3 page module up to versions prior to 8.7.11 and 9.1.0, enabling cross-site scripting via the global setting TYPO3_CONF_VARS[SYS][sitename] when an admin enters a crafted site name during installation. The vulnerability is a client-controlled reflection in the site name ...