PT-2020-19939 · Typo3 · Typo3

Published: 2020-01-27 · Updated: 2024-03-06 · CVE-2020-8091

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

TYPO3 versions 6.2.0 through 6.2.38 ELTS
TYPO3 versions 7.0.0 through 7.1.0

Description

The issue allows an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This is due to a vulnerable external component included in the software. The attack may target a system at a contrib/websvg/svg.swf pathname.

Recommendations

For TYPO3 versions 6.2.0 through 6.2.38 ELTS, update to a version that does not include the vulnerable external component. For TYPO3 versions 7.0.0 through 7.1.0, update to a version that does not include the vulnerable external component. As a temporary workaround, consider restricting access to the contrib/websvg/svg.swf file to minimize the risk of exploitation.
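
To confirm the workaround is in effect, the following added example (not part of the original advisory or of TYPO3) scans web server access logs for requests to the contrib/websvg/svg.swf pathname and reports whether the server still served the file. The combined log format, the `/site/` prefix and every sample line are constructed assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# Pathname from the advisory, matched as a suffix because the install prefix varies.
VULN_SUFFIX = "/contrib/websvg/svg.swf"

# Assumed combined/common access-log layout (Apache and nginx defaults).
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges, hypothetical /site/ prefix).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Mar/2024:10:00:01 +0000] "GET /index.php?id=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [06/Mar/2024:10:00:05 +0000] "GET /site/contrib/websvg/svg.swf?a=b HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
    '203.0.113.4 - - [06/Mar/2024:10:02:11 +0000] "GET /site/contrib/websvg/SVG%2Eswf HTTP/1.1" 403 199 "-" "curl/8.0"',
    '192.0.2.10 - - [06/Mar/2024:10:03:00 +0000] "GET /site/contrib/websvg/readme.txt HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
]

def normalize_path(target):
    """Drop the query, decode percent-escapes, collapse slashes, lowercase."""
    path = unquote(urlsplit(target).path).replace("\\", "/")
    return re.sub(r"/+", "/", path).lower()

def find_swf_requests(lines):
    """Return one record per request for the SWF, noting whether it was served."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not normalize_path(m["target"]).endswith(VULN_SUFFIX):
            continue
        status = int(m["status"])
        hits.append({
            "client": m["client"],
            "time": m["time"],
            "status": status,
            "has_query": "?" in m["target"],
            # 2xx or 304 means the file is still reachable: restriction not applied
            "served": 200 <= status < 300 or status == 304,
        })
    return hits

if __name__ == "__main__":
    for hit in find_swf_requests(SAMPLE_LOG):
        state = "STILL SERVED" if hit["served"] else "blocked"
        print(f'{hit["time"]} {hit["client"]} status={hit["status"]} {state}')
```

Any record with `served` set to true after the restriction is deployed means the rule does not cover that path variant.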

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BIT-TYPO3-2020-8091
CVE-2020-8091
GHSA-QVHV-PWWW-53JJ

Affected Products

Typo3