
9 matches found

GitHub Security Blog
added 2024/06/05 5:19 p.m., 25 views

Typo3 Arbitrary Code Execution and Cross-Site Scripting in Backend API

Backend API configuration using Page TSconfig is vulnerable to arbitrary code execution and cross-site scripting. TSconfig fields of page properties in backend forms can be used to inject malicious sequences. Field tsconfigincludes is vulnerable to directory traversal leading to same scenarios as...

AI score: 7.6
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2024/03/06 11:10 a.m., 8 views

BIT-TYPO3-2021-32667

TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When Page TSconfig settings are not properly encoded, corresponding page preview module Web>View is vulnerabl...

CVSS: 6.4, AI score: 5.4, EPSS: 0.00603
Exploits: 0, References: 2
BDU FSTEC
added 2021/08/25 12:0 a.m., 5 views

The vulnerability of the Page TSconfig configuration implementation in the TYPO3 content management system allows attackers to carry out cross-site scripting attacks.

The vulnerability of the Page TSconfig configuration implementation in the TYPO3 content management system is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

CVSS: 5.4, AI score: 5.6, EPSS: 0.00603
Exploits: 0, References: 4, Affected Software: 1
CNVD
added 2021/07/22 12:0 a.m., 22 views

TYPO3 Cross-Site Scripting Vulnerability (CNVD-2022-17985)

TYPO3 is a free and open source content management system framework (CMS/CMF) from the Swiss TYPO3 Association. TYPO3 has a cross-site scripting vulnerability that stems from the fact that when the Page TSconfig settings are not coded correctly, the corresponding page preview module Web>View i...

CVSS: 6.4, AI score: 2.1, EPSS: 0.00603
Exploits: 0, References: 1
OpenVAS
added 2021/07/21 12:0 a.m., 12 views

TYPO3 XSS Vulnerability (TYPO3-CORE-SA-2021-009)

TYPO3 is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:typo3:typo3"; if...

CVSS: 6.4, AI score: 5.7, EPSS: 0.00603
Exploits: 0, References: 1
NVD
added 2021/07/20 3:15 p.m., 13 views

CVE-2021-32667

TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When Page TSconfig settings are not properly encoded, corresponding page preview module Web>View is vulnerabl...

CVSS: 6.4, EPSS: 0.00603
Exploits: 0, References: 2
Prion
added 2021/07/20 3:15 p.m., 15 views

Cross site scripting

TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When Page TSconfig settings are not properly encoded, corresponding page preview module Web>View is vulnerabl...

CVSS: 3.5, AI score: 5.2, EPSS: 0.00603
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2021/07/20 2:40 p.m., 79 views

CVE-2021-32667

TYPO3 is vulnerable to a persistent cross-site scripting (XSS) in the Page TSconfig-driven Web>View page preview. A backend user is needed to exploit. Affected are TYPO3 CMS versions: 9.0.0–9.5.28, 10.0.0–10.4.17, and 11.0.0–11.3.0. The issue arises when Page TSconfig settings are not properly...

CVSS: 6.4, AI score: 5.2, EPSS: 0.00603
Exploits: 0, References: 2, Affected Software: 1
Positive Technologies
added 2021/07/20 12:0 a.m., 3 views

PT-2021-3864 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions 9.0.0 through 9.5.28; TYPO3 versions 10.0.0 through 10.4.17; TYPO3 versions 11.0.0 through 11.3.0. Description: The issue is related to the implementation of the Page TSconfig configuration in the TYPO3 content management system,...

CVSS: 6.4, AI score: 5.2, EPSS: 0.00603
Exploits: 0, References: 12