Typo3 · Typo3 · CVE-2022-36108
**Name of the Vulnerable Software and Affected Versions**
TYPO3 versions prior to 10.4.32
TYPO3 versions prior to 11.5.16
**Description**
The `f:asset.css` view helper in TYPO3 is vulnerable to cross-site scripting when user input is passed as variables to the CSS.
**Recommendations**
Update to TYPO3 version 10.4.32 or 11.5.16 to fix the issue.
As a temporary workaround, consider disabling the `f:asset.css` view helper until a patch is available.