Jan Kahmen

**Name of the Vulnerable Software and Affected Versions** TYPO3 CMS versions 13.0.0 through 13.4.30 TYPO3 CMS versions 14.0.0 through 14.3.2 **Description** Editors with permissions to create or modify page content can include HTML markup in page titles. These titles are stored in the search index without sanitization and are subsequently rendered without proper output encoding when displayed in frontend search results via the Indexed Search plugin. This leads to Cross-Site Scripting, a condition where malicious scripts are injected into otherwise trusted websites. **Recommendations** Update TYPO3 CMS versions 13.0.0 through 13.4.30 to a version later than 13.4.30. Update TYPO3 CMS versions 14.0.0 through 14.3.2 to a version later than 14.3.2.