Lucene search
Veracode Vulnerability DatabaseVERACODE:35994HistoryJun 15, 2022 - 4:51 a.m.
HTML Injection
2022-06-1504:51:19
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
0.001 Low
EPSS
Percentile
25.1%
typo3/cms is vulnerable to HTML injection. The vulnerability exists due to the lack of sanitization used in the receiverName parameter in PasswordRecovery.html, allowing an attacker to inject and execute malicious html content on the web page.
References
github.com/TYPO3/typo3/commit/479363285cda70d0eefc605d67f1a49f0bdf9b44
github.com/TYPO3/typo3/commit/7d46791c9092db9bc46193f3d10a64e575c1b35a
github.com/TYPO3/typo3/commit/da611775f92102d7602713003f4c79606c8a445d
github.com/TYPO3/typo3/security/advisories/GHSA-h4mx-xv96-2jgm
review.typo3.org/c/Packages/TYPO3.CMS/+/74895
typo3.org/security/advisory/typo3-core-sa-2022-004
Related
osv
osv
BIT-typo3-2022-31049
2024-03-06 11:09:21
CVE-2022-31049
2022-06-14 21:15:16
Cross-Site Scripting in TYPO3's Frontend Login Mailer
2022-06-17 20:56:24
friendsofphp
friendsofphp
TYPO3-CORE-SA-2022-004: Cross-Site Scripting in Frontend Login Mailer
2022-06-14 07:11:45
TYPO3-CORE-SA-2022-004: Cross-Site Scripting in Frontend Login Mailer
2022-06-14 07:11:45
github
github
Cross-Site Scripting in TYPO3's Frontend Login Mailer
2022-06-17 20:56:24
cvelist
cvelist
CVE-2022-31049 Cross-Site Scripting in Frontend Login Mailer
2022-06-14 20:50:12
nvd
nvd
CVE-2022-31049
2022-06-14 21:15:16
prion
prion
Code injection
2022-06-14 21:15:00
openvas
openvas
TYPO3 XSS Vulnerability (TYPO3-CORE-SA-2022-004)
2022-06-15 00:00:00
cve
cve
CVE-2022-31049
2022-06-14 21:15:16