Search for packages
| purl | pkg:composer/typo3/cms@7.0.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1tmr-rtyv-xbat
Aliases: 2014-12-09-2 |
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Possible cache poisining on the homepage when anchors are used. |
Affected by 0 other vulnerabilities. |
|
VCID-1txn-xjt1-37ha
Aliases: 2018-12-11-3 |
Cross-site Scripting Cross-Site Scripting in Frontend User Login. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-2k75-zp2r-67da
Aliases: TYPO3-CORE-SA-2015-012 |
Cross-Site Scripting vulnerability in typolinks All link fields within the TYPO3 installation are vulnerable to Cross-Site Scripting as authorized editors can insert javascript commands by using the url scheme "javascript:". |
Affected by 0 other vulnerabilities. |
|
VCID-2ypz-t2ty-c3e3
Aliases: CVE-2020-8091 GHSA-qvhv-pwww-53jj |
Typo3 Cross-Site Scripting in Flash component (ELTS) TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 included a vulnerable external component, which could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. |
Affected by 0 other vulnerabilities. |
|
VCID-33h5-eea4-rben
Aliases: 2015-12-15-2 |
Cross-site Scripting Cross-Site Scripting vulnerability in typolinks. |
Affected by 0 other vulnerabilities. |
|
VCID-4mfu-2wkc-ybbw
Aliases: GHSA-8m6j-p5jv-v69w |
TYPO3 Cross-Site Scripting in Online Media Asset Rendering Failing to properly encode user input, online media asset rendering (`*.youtube` and `*.vimeo` files) is vulnerable to cross-site scripting. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this vulnerability. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-4zub-buj2-5kbh
Aliases: GHSA-f3wf-q4fj-3gxf |
TYPO3 Denial of Service in Online Media Asset Handling Online Media Asset Handling (*`.youtube` and *`.vimeo` files) in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a dysfunctional backend component. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this vulnerability. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-53bg-1gfq-7bap
Aliases: 2018-12-11-2 |
Cross-site Scripting Cross-Site Scripting in Backend Modal Component. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-7hxf-mt3r-6bag
Aliases: 2015-07-01-6 |
Cross-site Scripting Cross-Site Scripting in 3rd party library Flowplayer. |
Affected by 0 other vulnerabilities. |
|
VCID-7rqj-m3xh-5uam
Aliases: 2015-09-08-1 |
Information Exposure Frontend: Unauthenticated Path Disclosure. |
Affected by 0 other vulnerabilities. |
|
VCID-7yn7-f2cw-ukfj
Aliases: 2018-12-11-6 |
Uncontrolled Resource Consumption Denial of Service in Online Media Asset Handling. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-8re4-c6j8-hyfh
Aliases: 2018-12-11-7 |
Uncontrolled Resource Consumption Denial of Service in Frontend Record Registration. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-af14-5ttt-t7ac
Aliases: TYPO3-CORE-SA-2015-011 |
Multiple Cross-Site Scripting vulnerabilities in backend Failing to properly encode user input, several backend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML or JavaScript. |
Affected by 0 other vulnerabilities. |
|
VCID-c9g4-gcfy-8ug4
Aliases: 2015-12-15-3 |
Cross-site Scripting Multiple Cross-Site Scripting vulnerabilities in frontend. |
Affected by 0 other vulnerabilities. |
|
VCID-crve-atm4-zyaf
Aliases: 2014-12-09-1 |
URL Redirection to Untrusted Site ('Open Redirect') Possible link spoofing on the homepage when anchors are used. |
Affected by 0 other vulnerabilities. |
|
VCID-cvpr-b5np-6bcv
Aliases: 2018-07-12-1 |
Improper Authentication Authentication Bypass in TYPO3 CMS. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-cwsm-v895-nqc7
Aliases: CVE-2015-5956 GHSA-989h-wv8x-933p |
TYPO3 cross-site scripting (XSS) The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter to show_rechis.php and the (2) redirect_url parameter to index.php. |
Affected by 0 other vulnerabilities. |
|
VCID-d42j-347n-e7en
Aliases: CVE-2021-21338 GHSA-4jhw-2p6j-5wmp |
Open Redirection in Login Handling ### Problem It has been discovered that Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability. ### Solution Update to TYPO3 versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described. ### Credits Thanks to Alexander Kellner who reported this issue and to TYPO3 security team member Torben Hansen who fixed the issue. ### References * [TYPO3-CORE-SA-2021-001](https://typo3.org/security/advisory/typo3-core-sa-2021-001) |
Affected by 1 other vulnerability. Affected by 3 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-dkr9-d6n6-puf5
Aliases: TYPO3-CORE-SA-2015-013 |
Multiple Cross-Site Scripting vulnerabilities in frontend Failing to properly encode editor input, several frontend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML. |
Affected by 0 other vulnerabilities. |
|
VCID-dm7r-2u9q-17hh
Aliases: GHSA-p84g-j2gh-83g3 |
TYPO3 possible cache poisoning on the homepage when anchors are used A request URL with arbitrary arguments, but still pointing to the home page of a TYPO3 installation can be cached if the configuration option config.prefixLocalAnchors is used with the values "all" or "cached". The impact of this vulnerability is that unfamiliar looking links to the home page can end up in the cache, which leads to a reload of the page in the browser when section links are followed by web page visitors, instead of just directly jumping to the requested section of the page. TYPO3 versions 4.6.x and higher are only affected if the homepage is not a shortcut to a different page. |
Affected by 0 other vulnerabilities. |
|
VCID-dwrf-me8a-z7fa
Aliases: 2015-07-01-1 |
Improper Access Control Access bypass when editing file metadata. |
Affected by 0 other vulnerabilities. |
|
VCID-ekj9-nhu4-93cc
Aliases: CVE-2021-21370 GHSA-x7hc-x7fm-f7qh |
Cross-Site Scripting in Content Preview (CType menu) ### Problem It has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability. ### Solution Update to TYPO3 versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described. ### Credits Thanks to TYPO3 contributor Oliver Bartsch who reported and fixed the issue. ### References * [TYPO3-CORE-SA-2021-008](https://typo3.org/security/advisory/typo3-core-sa-2021-008) |
Affected by 1 other vulnerability. Affected by 3 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-fhr8-f4h5-6ffx
Aliases: GHSA-7q33-hxwj-7p8v |
TYPO3 Cross-Site Scripting in Backend Modal Component Failing to properly encode user input, notifications shown in modal windows in the TYPO3 backend are vulnerable to cross-site scripting. A valid backend user account is needed in order to exploit this vulnerability. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-fj4s-fcy4-2fcj
Aliases: 2018-12-11-1 |
Cross-site Scripting Cross-Site Scripting in Online Media Asset Rendering. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-hdsj-ya24-9uhk
Aliases: GHSA-g585-crjf-vhwq |
TYPO3 Denial of Service in Frontend Record Registration TYPO3’s built-in record registration functionality (aka `basic shopping cart`) using recs URL parameters is vulnerable to denial of service. Failing to properly ensure that anonymous user sessions are valid, attackers can use this vulnerability in order to create an arbitrary amount of individual session-data records in the database. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-hrjb-bbbx-1kbq
Aliases: 2018-12-11-5 |
Information Disclosure in Install Tool. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-jyxd-d6ce-7qd9
Aliases: GHSA-r287-hc8j-w56h |
TYPO3 Information Disclosure Vulnerability Exploitable by Editors It has been discovered, that editors with access to the file list module could list all files names and folder names in the root directory of a TYPO3 installation. Modification of files, listing further nested directories or retrieving file contents was not possible. A valid backend user account is needed to exploit this vulnerability. |
Affected by 0 other vulnerabilities. |
|
VCID-k7zv-e4ez-dbaz
Aliases: GHSA-5cxf-xx9j-54jc |
Multiple Cross-Site Scripting vulnerabilities in TYPO3 backend Failing to properly encode user input, several backend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML or JavaScript. |
Affected by 0 other vulnerabilities. |
|
VCID-kktc-18fc-cuar
Aliases: GHSA-pqfv-97hj-g97g |
TYPO3 Frontend vulnerable to Unauthenticated Path Disclosure It has been discovered, that calling a PHP script which is delivered with TYPO3 for testing purposes, discloses the absolute server path to the TYPO3 installation. |
Affected by 0 other vulnerabilities. |
|
VCID-maa6-4fkn-pqhz
Aliases: GHSA-jqr8-q455-xx45 |
TYPO3 Brute Force Protection Bypass in backend login The backend login has a basic brute force protection implementation which pauses for 5 seconds if wrong credentials are given. This pause however could be bypassed by forging a special request, making brute force attacks on backend editor credentials more feasible. |
Affected by 0 other vulnerabilities. |
|
VCID-mf9a-exme-b3ca
Aliases: GHSA-6f9m-v7mp-7jjq |
Authentication Bypass in TYPO3 CMS It has been discovered that TYPO3’s Salted Password system extension (which is a mandatory system component) is vulnerable to Authentication Bypass when using hashing methods which are related by PHP class inheritance. In standard TYPO3 core distributions stored passwords using the blowfish hashing algorithm can be overridden when using MD5 as the default hashing algorithm by just knowing a valid username. Per default the Portable PHP hashing algorithm (PHPass) is used which is not vulnerable. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-mgtw-94ks-a7du
Aliases: GHSA-f777-f784-36gm |
TYPO3 Security Misconfiguration in Install Tool Cookie It has been discovered that cookies created in the Install Tool are not hardened to be submitted only via HTTP. In combination with other vulnerabilities such as cross-site scripting it can lead to hijacking an active and valid session in the Install Tool. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-mpuk-6hdb-sqh7
Aliases: GHSA-6487-3qvg-8px9 |
TYPO3 Information Disclosure in Install Tool The Install Tool exposes the current TYPO3 version number to non-authenticated users. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-n14c-7g17-qudk
Aliases: GHSA-r9vc-jfmh-6j48 |
TYPO3 frontend login vulnerable to Session Fixation It has been discovered that TYPO3 is susceptible to session fixation. If a user authenticates while anonymous session data is present, the session id is not changed. This makes it possible for attackers to generate a valid session id, trick users into using this session id (e.g. by leveraging a different Cross-Site Scripting vulnerability) and then maybe getting access to an authenticated session. |
Affected by 0 other vulnerabilities. |
|
VCID-n7ha-dtwq-xqf9
Aliases: 2018-07-12-2 |
Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-nnxd-zjsh-wqbp
Aliases: GHSA-wp8j-c736-c5r3 |
TYPO3 Cross-Site Scripting Vulnerability Exploitable by Editors It has been discovered that link tags generated by typolink functionality in the website's frontend are vulnerable to cross-site scripting - values being assigned to HTML attributes have not been parsed correctly. A valid backend user account is needed to exploit this vulnerability. As second and separate vulnerability in the filelist module of the backend user interface has been referenced with this advisory as well. Error messages being shown after using a malicious name for renaming a file are not propery encoded, thus vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. |
Affected by 0 other vulnerabilities. |
|
VCID-rf5y-9xhy-ckhk
Aliases: 2015-07-01-5 |
Improper Restriction of Excessive Authentication Attempts Brute Force Protection Bypass in backend login. |
Affected by 0 other vulnerabilities. |
|
VCID-rmnv-emnu-6bfy
Aliases: CVE-2021-32767 GHSA-34fr-fhqr-7235 |
Information Disclosure in User Authentication > ### Meta > * CVSS: `AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C` (4.9) ### Problem It has been discovered that user credentials have been logged as plaintext when explicitly using log level debug, which is not the _default_ configuration. ### Solution Update to TYPO3 versions 7.6.52 ELTS, 8.7.41 ELTS, 9.5.28, 10.4.18, 11.3.1 that fix the problem described. ### Credits Thanks to Ingo Schmitt who reported this issue, and to TYPO3 core & security team member Benni Mack who fixed the issue. ### References * [TYPO3-CORE-SA-2021-012](https://typo3.org/security/advisory/typo3-core-sa-2021-012) |
Affected by 3 other vulnerabilities. Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-rnen-s5y6-8yg1
Aliases: CVE-2015-8759 GHSA-j5v7-9xr5-m7gx |
TYPO3 Cross-site Scripting vulnerability Cross-site scripting (XSS) vulnerability in the typoLink function in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote authenticated editors to inject arbitrary web script or HTML via a link field. |
Affected by 0 other vulnerabilities. |
|
VCID-tvq8-qbwc-qkfs
Aliases: CVE-2021-32768 GHSA-c5c9-8c6m-727v |
Cross-Site Scripting via Rich-Text Content > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC` (5.7) ### Problem Failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality _[HTMLparser](https://docs.typo3.org/m/typo3/reference-typoscript/10.4/en-us/Functions/Htmlparser.html)_ do not consider all potentially malicious HTML tag & attribute combinations per default. In addition, the lack of comprehensive default node configuration for rich-text fields in the backend user interface fosters this malfunction. In default scenarios, a valid backend user account is needed to exploit this vulnerability. In case custom plugins used in the website frontend accept and reflect rich-text content submitted by users, no authentication is required. ### Solution Update to TYPO3 versions 7.6.53 ELTS, 8.7.42 ELTS, 9.5.29, 10.4.19, 11.3.2 that fix the problem described above. Custom package _[typo3/html-sanitizer](https://github.com/TYPO3/html-sanitizer)_ - based on allow-lists only - takes care of sanitizing potentially malicious markup. The default behavior is based on safe and commonly used markup - however, this can be extended or restricted further in case it is necessary for individual scenarios. During the frontend rendering process, sanitization is applied to the default TypoScript path `lib.parseFunc`, which is implicitly used by the Fluid view-helper instruction `f:format.html`. Rich-text data persisted using the backend user interface is sanitized as well. Implementation details are explained in corresponding [ChangeLog documentation](https://docs.typo3.org/c/typo3/cms-core/master/en-us/Changelog/9.5.x/Important-94484-IntroduceHTMLSanitizer.html). ### Credits Thanks to Benjamin Stiber, Gert-Jan Jansma, Gábor Ács-Kurucz, Alexander Kellner, Richie Lee, Nina Rösch who reported this issue, and to TYPO3 security team member Oliver Hader, as well as TYPO3 contributor Susanne Moog who fixed the issue. ### References * [TYPO3-CORE-SA-2021-013](https://typo3.org/security/advisory/typo3-core-sa-2021-013) |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-u4n4-rh2y-8ycg
Aliases: GHSA-6fc6-cj2j-h22x |
TYPO3 Multiple Cross-Site Scripting vulnerabilities in frontend Failing to properly encode editor input, several frontend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML. |
Affected by 0 other vulnerabilities. |
|
VCID-ukvt-pj2t-9kcq
Aliases: GHSA-2rcw-9hrm-8q7q |
TYPO3 Cross-Site Scripting in Frontend User Login Failing to properly encode user input, login status display is vulnerable to cross-site scripting in the website frontend. A valid user account is needed in order to exploit this vulnerability - either a backend user or a frontend user having the possibility to modify their user profile. Template patterns that are affected are - ###FEUSER_[fieldName]### using system extension felogin - <!--###USERNAME###--> for regular frontend rendering (pattern can be defined individually using TypoScript setting config.USERNAME_substToken) |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-urhg-ftwf-pubr
Aliases: 2015-07-01-2 |
Frontend login Session Fixation. |
Affected by 0 other vulnerabilities. |
|
VCID-v83x-2hx7-yycg
Aliases: CVE-2021-21339 GHSA-qx3w-4864-94ch |
Cleartext storage of session identifier ### Problem User session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. ### Solution Update to TYPO3 versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described. ### Credits Thanks to TYPO3 security team member Oliver Hader who reported this issue and to TYPO3 core & security team members Benni Mack & Oliver Hader who fixed the issue. ### References * [TYPO3-CORE-SA-2021-006](https://typo3.org/security/advisory/typo3-core-sa-2021-006) |
Affected by 1 other vulnerability. Affected by 3 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-w2qy-69nb-5ke5
Aliases: GHSA-ppgf-8745-8pgx |
Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS Phar files (formerly known as "PHP archives") can act als self extracting archives which leads to the fact that source code is executed when Phar files are invoked. The Phar file format is not limited to be stored with a dedicated file extension - "bundle.phar" would be valid as well as "bundle.txt" would be. This way, Phar files can be obfuscated as image or text file which would not be denied from being uploaded and persisted to a TYPO3 installation. Due to a missing sanitization of user input, those Phar files can be invoked by manipulated URLs in TYPO3 backend forms. A valid backend user account is needed to exploit this vulnerability. In theory the attack vector would be possible in the TYPO3 frontend as well, however no functional exploit has been identified so far. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-w5s9-wjpe-bkc1
Aliases: CVE-2013-7341 GHSA-j6c3-3c4w-qv8p |
Moodle cross-site scripting (XSS) vulnerabilities Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing an external domain, a related issue to CVE-2013-7342. |
Affected by 0 other vulnerabilities. |
|
VCID-wvzh-uxhw-g3d5
Aliases: 2015-07-01-3 |
Cross-site Scripting Cross-Site Scripting exploitable by Editors. |
Affected by 0 other vulnerabilities. |
|
VCID-xsd3-6zyc-j7dg
Aliases: 2018-12-11-4 |
Security Misconfiguration in Install Tool Cookie. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-y8va-79qc-97cc
Aliases: GHSA-75mx-chcf-2q32 |
TYPO3 Cross-Site Scripting vulnerability in typolinks All link fields within the TYPO3 installation are vulnerable to Cross-Site Scripting as authorized editors can insert javascript commands by using the url scheme `javascript:`. |
Affected by 0 other vulnerabilities. |
|
VCID-y93e-ckjh-wqea
Aliases: 2015-07-01-4 |
Information Disclosure possibility exploitable by Editors. |
Affected by 0 other vulnerabilities. |
|
VCID-ype3-tase-wue6
Aliases: GMS-2015-25 |
Unauthenticated Path Disclosure It has been discovered, that calling a PHP script which is delivered with TYPO3 for testing purposes, discloses the absolute server path to the TYPO3 installation. |
Affected by 0 other vulnerabilities. |
|
VCID-yq8z-3ahh-1kbj
Aliases: GHSA-4r76-xr68-w7m7 |
TYPO3 may allow editors to change, create, or delete metadata of files not within their file mounts It has been discovered, that editors with access to file meta data table could change, create or delete metadata of files which are not within their file mounts. |
Affected by 0 other vulnerabilities. |
|
VCID-zrsh-tk2s-2uhm
Aliases: 2015-12-15-1 |
Cross-site Scripting Multiple Cross-Site Scripting vulnerabilities in TYPO3 backend. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-rtd6-q7tg-ykfh | Cross-Site Scripting in Fluid view helpers > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.7) > * CWE-79 ### Problem It has been discovered that system extension Fluid (`typo3/cms-fluid`) of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. ``` <f:form ... fieldNamePrefix="{payload}" /> <f:be.labels.csh ... label="{payload}" /> <f:be.menus.actionMenu ... label="{payload}" /> ``` ### Solution Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described. ### Credits Thanks to TYPO3 security team member Oliver Hader who reported this issue and to TYPO3 security team members Helmut Hummel & Oliver Hader who fixed the issue. ### References * [TYPO3-CORE-SA-2020-010](https://typo3.org/security/advisory/typo3-core-sa-2020-010) |
CVE-2020-26227
GHSA-vqqx-jw6p-q3rf |