TYPO3 Cross-Site Scripting in Frontend User Login
Moderate severity
GitHub Reviewed
Published
May 30, 2024
to the GitHub Advisory Database
•
Updated May 30, 2024
Package
Affected versions
>= 8.0.0, < 8.7.21
>= 9.0.0, < 9.5.2
>= 7.1.0, < 7.6.32
Patched versions
8.7.21
9.5.2
7.6.32
Description
Published to the GitHub Advisory Database
May 30, 2024
Reviewed
May 30, 2024
Last updated
May 30, 2024
Failing to properly encode user input, login status display is vulnerable to cross-site scripting in the website frontend. A valid user account is needed in order to exploit this vulnerability - either a backend user or a frontend user having the possibility to modify their user profile.
Template patterns that are affected are
References