Oliver Bartsch

**Name of the Vulnerable Software and Affected Versions** TYPO3 versions 9.0.0 through 9.5.28 TYPO3 versions 10.0.0 through 10.4.17 TYPO3 versions 11.0.0 through 11.3.0 **Description** The issue is related to the failure to properly encode settings for ` backend layouts`, making the corresponding grid view vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. **Recommendations** Update to TYPO3 version 9.5.29 to fix the issue. Update to TYPO3 version 10.4.18 to fix the issue. Update to TYPO3 version 11.3.1 to fix the issue.

**Name of the Vulnerable Software and Affected Versions** TYPO3 versions 9.0.0 through 9.5.28 TYPO3 versions 10.0.0 through 10.4.17 TYPO3 versions 11.0.0 through 11.3.0 **Description** The issue is related to the implementation of the Page TSconfig configuration in the TYPO3 content management system, which fails to properly encode settings, making the corresponding page preview module vulnerable to persistent cross-site scripting attacks. A valid backend user account is required to exploit this vulnerability. **Recommendations** For versions 9.0.0 through 9.5.28, update to version 9.5.29. For versions 10.0.0 through 10.4.17, update to version 10.4.18. For versions 11.0.0 through 11.3.0, update to version 11.3.1.

**Name of the Vulnerable Software and Affected Versions** TYPO3 versions prior to 7.6.51 TYPO3 versions prior to 8.7.40 TYPO3 versions prior to 9.5.25 TYPO3 versions prior to 10.4.14 TYPO3 versions prior to 11.1.1 **Description** The issue concerns content elements of type menu being vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability. **Recommendations** Update to version 7.6.51 to resolve the issue. Update to version 8.7.40 to resolve the issue. Update to version 9.5.25 to resolve the issue. Update to version 10.4.14 to resolve the issue. Update to version 11.1.1 to resolve the issue.