5 matches found
The vulnerability of the GeneralUtility::getIndpEnv() function in the TYPO3 content management system allows attackers to perform cross-site scripting attacks.
The vulnerability of the GeneralUtility::getIndpEnv function in the TYPO3 content management system is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially...
TYPO3 XSS Vulnerability (TYPO3-core-sa-2023-001)
TYPO3 is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3"; if...
Cross site scripting
TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component GeneralUtility::getIndpEnv() uses the unfiltered server environment variable PATH_INFO, which allows attackers to inject malicious content. In...
PT-2023-1502 · Typo3 +1
Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 8.7.51 ELTS; TYPO3 versions prior to 9.5.40 ELTS; TYPO3 versions prior to 10.4.35 LTS; TYPO3 versions prior to 11.5.23 LTS; TYPO3 versions prior to 12.2.0. Description: The TYPO3 core component GeneralUtility::getIndpEnv us...
TYPO3 8.7.0 < 8.7.51 ELTS / 9.0.0 < 9.5.40 ELTS / 10.0.0 < 10.4.36 / 11.0.0 < 11.5.23 / 12.0.0 < 12.2.0 XSS (TYPO3-CORE-SA-2023-001)
The version of TYPO3 installed on the remote host is prior to 8.7.0 < 8.7.51 ELTS / 9.0.0 < 9.5.40 ELTS / 10.0.0 < 10.4.36 / 11.0.0 < 11.5.23 / 12.0.0 < 12.2.0. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2023-001 advisory. - TYPO3 core component...