Search for packages
| purl | pkg:composer/typo3/cms-core@9.5.287 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-v92t-hba5-9uec
Aliases: CVE-2021-32667 GHSA-8mq9-fqv8-59wf |
Cross-Site Scripting in Page Preview > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC` (5.0) ### Problem Failing to properly encode _Page TSconfig_ settings, corresponding page preview module (_Web>View_) is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. ### Solution Update to TYPO3 versions 9.5.28, 10.4.18, 11.3.1 that fix the problem described. ### Credits Thanks to TYPO3 core merger Oliver Bartsch who reported and fixed the issue. ### References * [TYPO3-CORE-SA-2021-009](https://typo3.org/security/advisory/typo3-core-sa-2021-009) |
Affected by 28 other vulnerabilities. Affected by 30 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-01T18:11:45.859868+00:00 | GitLab Importer | Affected by | VCID-v92t-hba5-9uec | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-32667.yml | 36.1.3 |