Lucene search
TYPO3 AssociationTYPO3-EXT-SA-2020-009HistoryJul 07, 2020 - 12:00 a.m.
Cross-Site Scripting in extension "Faceted Search" (ke_search)
2020-07-0700:00:00
TYPO3 Association
typo3.org
10
0.001 Low
EPSS
Percentile
19.4%
The extension fails to properly encode user input for output in HTML context. The issue is only exploitable by backend users with access to indexer- and filter-configurations.
Related
osv
osv
ke_search for Typo3 XSS Vulnerability
2022-05-24 17:22:32
github
github
ke_search for Typo3 XSS Vulnerability
2022-05-24 17:22:32
prion
prion
Cross site scripting
2020-07-07 14:15:00
cve
cve
CVE-2020-15517
2020-07-07 14:15:11
veracode
veracode
Cross-Site Scripting (XSS)
2020-07-08 04:10:27
cvelist
cvelist
CVE-2020-15517
2020-07-07 13:44:23
nvd
nvd
CVE-2020-15517
2020-07-07 14:15:11