TYPO3 Cross-Site Scripting in Form Framework validation handling

It has been discovered that the output of field validation errors in the Form Framework is vulnerable to cross-site scripting...

Authentication Bypass

bytefury/crater is vulnerable to authentication bypass. The vulnerability exists due to improper user validation handling in payment method delete which allows an unauthenticated user to all expense receipts uploaded to a company...

Cross-Site Scripting in Form Framework validation handling

It has been discovered that the output of field validation errors in the Form Framework is vulnerable to cross-site scripting...