AI Score
Confidence
High
typo3/cms-core is vulnerable to Cross-Site scripting (XSS). The vulnerability is caused by improper user input encoding when using templates in the built-in Fluid ViewHelpers, which allows an attacker to inject malicious scripts into the browser.