BIT-TYPO3-2020-15241
TYPO3 Fluid Engine package typo3fluid/fluid before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like showFullName ? fullName : defaultValue. Updated versions of this package are...