Cross-Site Scripting (XSS) vulnerability in typolinks

All link fields within the TYPO3 installation are vulnerable to Cross-Site Scripting as authorized editors can insert data commands by using the url scheme "data:"...

GHSA-P5C5-GMJ4-G48F Cross-Site Scripting (XSS) vulnerability in typolinks

All link fields within the TYPO3 installation are vulnerable to Cross-Site Scripting as authorized editors can insert data commands by using the url scheme "data:"...

Cross-Site Scripting in extension "HTML5 Video Player" (html5videoplayer)

It has been discovered that the extension "HTML5 Video Player" html5videoplayer is susceptible to Cross-Site Scripting. Release Date: November 11, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 6.7.0 and below...