Search for packages
| purl | pkg:composer/typo3/cms@8.7.41 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-y32z-2d3f-gkgw
Aliases: CVE-2021-32768 GHSA-c5c9-8c6m-727v |
Cross-site Scripting TYPO3 is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality HTMLparser does not consider all potentially malicious HTML tag & attribute combinations per default. In default scenarios, a valid backend user account is needed to exploit this vulnerability. In case custom plugins used in the website frontend accept and reflect rich-text content submitted by users, no authentication is required. |
Affected by 0 other vulnerabilities. Affected by 7 other vulnerabilities. Affected by 17 other vulnerabilities. Affected by 19 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:48:39.128828+00:00 | GitLab Importer | Affected by | VCID-y32z-2d3f-gkgw | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2021-32768.yml | 38.0.0 |