typo3/cms-core is vulnerable to cross-site scripting (XSS). The vulnerability exists as decoded entities generated by the typolink functionality were not encoded back to HTML before it gets rendered.
CPE | Name | Operator | Version |
---|---|---|---|
typo3/cms-core | le | 9.5.16 | |
typo3/cms-core | le | 10.4.1 |