TYPO3 Cross-Site Scripting in Link Handling
Moderate severity
GitHub Reviewed
Published
May 30, 2024
to the GitHub Advisory Database
•
Updated May 30, 2024
Package
Affected versions
>= 10.0.0, < 10.2.1
>= 8.0.0, < 8.7.30
>= 9.0.0, < 9.5.12
Patched versions
10.2.1
8.7.30
9.5.12
Description
Published to the GitHub Advisory Database
May 30, 2024
Reviewed
May 30, 2024
Last updated
May 30, 2024
It has been discovered that t3:// URL handling and typolink functionality are vulnerable to cross-site scripting. Not only regular backend forms are affected but also frontend extensions which use the rendering with typolink.
References