Cross-Site Scripting in TYPO3 CMS Backend · GHSA-v4qr-8h2v-qpjx · GitHub Advisory Database · GitHub

Cross-Site Scripting in TYPO3 CMS Backend

Moderate severity GitHub Reviewed Published Jun 5, 2024 to the GitHub Advisory Database • Updated Jun 5, 2024

Package

typo3/cms (Composer)

Affected versions

>= 8.0.0, < 8.7.5

Patched versions

8.7.5

Description

Failing to properly encode user input, backend forms are vulnerable to Cross-Site Scripting. A valid backend user account is needed to exploit this vulnerability.

References

Published to the GitHub Advisory Database Jun 5, 2024

Reviewed Jun 5, 2024

Last updated Jun 5, 2024

Severity

Moderate

5.4

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

Low

User interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N