4 matches found
Cross-site Scripting (XSS)
typo3/cms is vulnerable to Cross-site Scripting XSS. The vulnerability is due to failing to properly encode user input in online media asset rendering for .youtube and .vimeo files, requiring a valid backend user account or write access on the server system to exploit...
TYPO3 Cross-Site Scripting in Online Media Asset Rendering
Failing to properly encode user input, online media asset rendering .youtube and .vimeo files is vulnerable to cross-site scripting. A valid backend user account or write access on the server system e.g. SFTP is needed in order to exploit this vulnerability...
PT-2024-40498 · Unknown · Online Media Asset Rendering
Name of the Vulnerable Software and Affected Versions: Online media asset rendering affected versions not specified Description: The issue arises from the failure to properly encode user input, making online media asset rendering vulnerable to cross-site scripting, particularly for .youtube and...
typo3 -- multiple vulnerabilities
Typo3 core team reports: CKEditor 4.11 fixes an XSS vulnerability in the HTML parser reported by maxarr. The vulnerability stemmed from the fact that it was possible to execute XSS inside the CKEditor source area after persuading the victim to: i switch CKEditor to source mode, then ii paste a...