PT-2020-12530 · Typo3 · Svg Sanitizer Extension For Typo3

Matteo Bonaker

Published

2020-05-13

Updated

2020-05-15

CVE-2020-11070

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions SVG Sanitizer extension for TYPO3 versions prior to 1.0.3

Description The issue arises from the incorrect processing of slightly invalid or incomplete SVG markup, which is not properly sanitized. Despite the markup being invalid, it is still evaluated by browsers, leading to cross-site scripting.

Recommendations For versions prior to 1.0.3, update to version 1.0.3 as soon as possible to resolve the issue.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-11070

GHSA-59CF-M7V5-WH5W

Affected Products

Svg Sanitizer Extension For Typo3

PT-2020-12530 · Typo3 · Svg Sanitizer Extension For Typo3

CVE-2020-11070

Weakness Enumeration

Related Identifiers

Affected Products

References · 5