Lucene search

K

Veracode Vulnerability DatabaseVERACODE:47351

HistoryJun 04, 2024 - 9:43 a.m.

Cross-Site Scripting (XSS)

2024-06-0409:43:18

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross-site scripting

typo3

file system

synchronization

arbitrary scripts

6.9 Medium

AI Score

Confidence

High

typo3/cms-core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of file extensions containing malicious sequences when accessing the server’s file system directly or through synchronization, which allows an attacker to execute arbitrary scripts in the context of the user session.

6.9 Medium

AI Score

Confidence

High