0.001 Low
EPSS
Percentile
45.9%
typo3fluid/fluid is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary Javascript in a user’s browser via conditional operator in templates such as {showFullName ? fullName : defaultValue}.
{showFullName ? fullName : defaultValue}
github.com/TYPO3/Fluid/commit/9ef6a8ffff2e812025fc0701b4ce72eea6911a3d
github.com/TYPO3/Fluid/security/advisories/GHSA-7733-hjv6-4h47
typo3.org/security/advisory/typo3-core-sa-2019-013