2 matches found
Cross-site Scripting in pegasus/google-for-jobs
An XSS issue was discovered in the googleforjobs aka Google for Jobs extension before 1.5.1 and 2.x before 2.1.1 for TYPO3. The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability...
CVE-2021-43561
The CVE-2021-43561 entry relates to a Cross‑Site Scripting (XSS) vulnerability in the TYPO3 Google for Jobs extension (google_for_jobs). The issue arises from insufficient encoding of user input used in HTML output, enabling an XSS condition when a TYPO3 backend user account is present. Affected ...