CVE-2014-3949

Name of the Vulnerable Software and Affected Versions TYPO3 Grid Elements (gridelements) extension versions prior to 1.5.1 TYPO3 Grid Elements (gridelements) extension versions 2.0.x prior to 2.0.3

Description A cross-site scripting (XSS) issue exists in the layout wizard of the Grid Elements extension, allowing remote authenticated backend users to inject arbitrary web script or HTML.

Recommendations For versions prior to 1.5.1, update to version 1.5.1 or later. For versions 2.0.x prior to 2.0.3, update to version 2.0.3 or later.