Lucene search
TYPO3 AssociationTYPO3-EXT-SA-2021-010HistoryAug 10, 2021 - 12:00 a.m.
Cross-Site Scripting in Extension "femanager" (femanager)
2021-08-1000:00:00
TYPO3 Association
typo3.org
24
femanager
cross-site scripting
svg file upload
EPSS
0.004
Percentile
74.3%
The extension allows by default to upload SVG files when a logged in frontend user uploads a new profile image. This may lead to Cross-Site Scripting, when the uploaded SVG image is used as is on the website.
Related
nvd
nvd
CVE-2021-36787
2021-08-13 17:15:16
zdt
zdt
TYPO3 femanager 6.3.0 Cross Site Scripting Vulnerability
2022-01-25 00:00:00
prion
prion
Design/Logic Flaw
2021-08-13 17:15:00
packetstorm
packetstorm
TYPO3 femanager 6.3.0 Cross Site Scripting
2022-01-25 00:00:00
cve
cve
CVE-2021-36787
2021-08-13 17:15:16
osv
osv
CVE-2021-36787
2021-08-13 17:15:16
Cross-site Scripting in the femanager TYPO3 extension
2021-09-01 18:36:51
veracode
veracode
Cross-site Scripting (XSS)
2021-08-16 05:33:44
cnvd
cnvd
TYPO3 Cross-Site Scripting Vulnerability (CNVD-2022-17974)
2021-08-16 00:00:00
cvelist
cvelist
CVE-2021-36787
2021-08-13 16:15:25
github
github
Cross-site Scripting in the femanager TYPO3 extension
2021-09-01 18:36:51