BIT-TYPO3-2020-11065

In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and greater than or equal to 10.2.0 and less than 10.4.2, it has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting; properties being assigned as HTML attributes have not been...

PT-2020-12526 · Typo3 · Typo3/Cms

Name of the Vulnerable Software and Affected Versions: TYPO3 CMS versions 9.5.12 through 9.5.16 TYPO3 CMS versions 10.2.0 through 10.4.1 Description: The issue concerns link tags generated by typolink functionality, which are vulnerable to cross-site scripting. Properties being assigned as HTML...

TYPO3 'typoLink()' function cross-site scripting vulnerability

TYPO3 is a free and open source content management system. TYPO3 suffers from a cross-site scripting vulnerability that allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to obtain sensitive information or hijack user sessions when...