PT-2020-12526 · Typo3 · Typo3/Cms
Josef Glatz · Published 2020-05-13 · Updated 2024-03-06
CVE-2020-11065
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
TYPO3 CMS versions 9.5.12 through 9.5.16
TYPO3 CMS versions 10.2.0 through 10.4.1
Description
The issue concerns link tags generated by typolink functionality, which are vulnerable to cross-site scripting. Properties being assigned as HTML attributes have not been parsed correctly.
Recommendations
Update to version 9.5.17 to resolve the issue for versions 9.5.12 through 9.5.16.
Update to version 10.4.2 to resolve the issue for versions 10.2.0 through 10.4.1.
Exploit
Fix
XSS
Affected Products
Typo3/Cms