Cross Site Scripting (XSS)

🗓️ 27 Jul 2023 08:15:29Reported by Veracode Vulnerability DatabaseType

TYPO3 vulnerability to Stored XSS due to unfiltered server environment variable and TypoScript settin

Reporter	Title	Published	Views	Family All 19
Circl	CVE-2023-24814	7 Feb 202322:23	–	circl
CNNVD	TYPO3 跨站脚本漏洞	7 Feb 202300:00	–	cnnvd
CVE	CVE-2023-24814	7 Feb 202318:14	–	cve
Cvelist	CVE-2023-24814 Persisted Cross-Site Scripting in Frontend Rendering in typo3	7 Feb 202318:14	–	cvelist
EUVD	EUVD-2023-0784	3 Oct 202520:07	–	euvd
Friends Of PHP	TYPO3-CORE-SA-2023-001: Persisted Cross-Site Scripting in Frontend Rendering	7 Feb 202309:24	–	friendsofphp
Friends Of PHP	TYPO3-CORE-SA-2023-001: Persisted Cross-Site Scripting in Frontend Rendering	7 Feb 202309:24	–	friendsofphp
Github Security Blog	TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering	8 Feb 202321:33	–	github
NVD	CVE-2023-24814	7 Feb 202319:15	–	nvd
OpenVAS	TYPO3 XSS Vulnerability (TYPO3-core-sa-2023-001)	8 Feb 202300:00	–	openvas

Vulners

Node

cms typo3/cmsRange6.2.0–v10.4.34php

cms typo3/cmsRangev11.0.0–v11.5.22php

cms typo3/cmsRangev12.0.0–v12.1.3php

Source	Link
github	www.github.com/TYPO3/typo3/commit/fa9832df37101579d5d52498616cb31e37ac3804
typo3	www.typo3.org/security/advisory/typo3-core-sa-2023-001
typo3	www.typo3.org/security/advisory/typo3-psa-2023-001
github	www.github.com/TYPO3/typo3/commit/0005a6fd86ab97eff8bf2e3a5828bf0e7cb6263a
github	www.github.com/TYPO3/typo3/commit/b809408340b00569d4979b7c4a6bf1d334f9a580
github	www.github.com/TYPO3/typo3/security/advisories/GHSA-r4f8-f93x-5qh3
docs	www.docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Setup/Config/Index.html
github	www.github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/core/Classes/Utility/GeneralUtility.php
github	www.github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php

27 Jul 2023 13:49Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.16.1 - 8.8

EPSS0.00867

SSVC