Typo3 · Typo3/Cms · CVE-2020-11064
**Name of the Vulnerable Software and Affected Versions**
TYPO3 CMS versions 9.0.0 through 9.5.16
TYPO3 CMS versions 10.0.0 through 10.4.1
**Description**
A cross-site scripting issue has been discovered in the HTML `placeholder` attributes, which contain data from other database records. This issue can be exploited with a valid backend user account.
**Recommendations**
For TYPO3 CMS versions 9.0.0 through 9.5.16, update to version 9.5.17.
For TYPO3 CMS versions 10.0.0 through 10.4.1, update to version 10.4.2.