CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
EPSS
Percentile
65.6%
typo3 is vulnerable to Stored XSS. The vulnerability is due to GeneralUtility::getIndpEnv()
function which uses unfiltered server environment variable PATH_INFO
and TypoScript setting config.absRefPrefix=auto
. This can lead to an attacker injecting malicious content or malicious HTML code in non-rendered and non-cached content resulting in persisted cross-site scripting when the pages are viewed by other users.
github.com/TYPO3/typo3/commit/0005a6fd86ab97eff8bf2e3a5828bf0e7cb6263a
github.com/TYPO3/typo3/commit/b809408340b00569d4979b7c4a6bf1d334f9a580
github.com/TYPO3/typo3/commit/fa9832df37101579d5d52498616cb31e37ac3804
github.com/TYPO3/typo3/security/advisories/GHSA-r4f8-f93x-5qh3
typo3.org/security/advisory/typo3-core-sa-2023-001
typo3.org/security/advisory/typo3-psa-2023-001