Typo3 · Typo3/Cms · CVE-2020-11065
**Name of the Vulnerable Software and Affected Versions**
TYPO3 CMS versions 9.5.12 through 9.5.16
TYPO3 CMS versions 10.2.0 through 10.4.1
**Description**
The issue concerns link tags generated by `typolink` functionality, which are vulnerable to cross-site scripting. Properties being assigned as HTML attributes have not been parsed correctly.
**Recommendations**
Update to version 9.5.17 to resolve the issue for versions 9.5.12 through 9.5.16.
Update to version 10.4.2 to resolve the issue for versions 10.2.0 through 10.4.1.