Lucene search

K
typo3TYPO3 AssociationTYPO3-EXT-SA-2020-015
HistoryJul 29, 2020 - 12:00 a.m.

Cross-Site Scripting in extension "Kitodo.Presentation" (dlf)

2020-07-2900:00:00
TYPO3 Association
typo3.org
68

EPSS

0.061

Percentile

93.6%

The extension fails to properly encode user input for output in HTML context. In addition, the extension also includes jQuery 3.4.1 which is known to be vulnerable against Cross Site Scripting.

CPENameOperatorVersion
dlfle3.1.1