2 matches found
CVE-2024-34355
TYPO3 history backend module (software: TYPO3) is affected in versions 13.0.0 up to 13.1.0. The vulnerability is an HTML injection flaw in historyRow.title that persists despite CSP headers; exploitation requires a valid backend user account. The issue is resolved in TYPO3 v13.1.1. Connected advi...
PT-2024-25812 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions 13.0.0 through 13.1.0 Description: The history backend module is vulnerable to HTML injection. Although Content-Security-Policy headers effectively prevent JavaScript execution, adversaries can still inject malicious HTML marku...