PT-2021-14447 · Typo3 · Bootstrap Package

Oliver Hader · Published 2021-04-27 · Updated 2024-03-06

CVE-2021-21365 · CVSS v3.1 5.4 (Medium) · Vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Bootstrap Package (TYPO3 extension) in all versions prior to 7.1.2, 8.0.8, 9.1.4, 10.0.10 and 11.0.3, i.e. every release of the 7.x, 8.x, 9.x, 10.x and 11.x branches before the fixed release of that branch. The listed versions are the fixed ones, not vulnerable ones.
Description: The Bootstrap Package for TYPO3 has a cross-site scripting issue when rendering content in the website frontend: the affected Fluid partials render content-element field values into the page without adequate output encoding, so script placed into those fields by a backend user is executed in the browser of every frontend visitor of that page (hence PR:L with a changed scope in the CVSS vector). A valid backend user account with permission to edit the affected content elements is required to exploit this issue. The affected templates are Resources/Private/Partials/ContentElements/Carousel/Item/CallToAction.html, Resources/Private/Partials/ContentElements/Carousel/Item/Header.html, Resources/Private/Partials/ContentElements/Carousel/Item/Text.html, Resources/Private/Partials/ContentElements/Carousel/Item/TextAndImage.html and Resources/Private/Partials/ContentElements/Header/SubHeader.html.
Recommendations: Update to version 7.1.2, 8.0.8, 9.1.4, 10.0.10 or 11.0.3 of the Bootstrap Package, whichever matches your release branch. Sites that have overridden any of the affected partials with custom copies (for example in a site package registered via partialRootPaths) do not receive the fix through the update and must port the security fix into their own templates. As a temporary workaround until the update has been applied, consider restricting access to the affected templates, that is, limiting which backend users may edit the content elements rendered through them.
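One concrete check for the "overwritten templates" case in the recommendations, added here as an example and not code from the Bootstrap Package or TYPO3: a Python script that looks for copies of the five affected partials under a Fluid partial root (a site package's partialRootPaths directory, which is the assumed override layout) and flags constructs that emit a value without Fluid's default HTML escaping, namely f:format.raw, f:format.html and a template-wide {escaping off}/{escapingEnabled=false}. The pattern list is a heuristic chosen for this example, and the embedded sample overrides are constructed for the stand-alone run, not the project's real templates.

```python
"""Check custom overrides of the Fluid partials named in CVE-2021-21365 for
constructs that bypass Fluid's default HTML escaping.

Added example; not code from the Bootstrap Package or TYPO3. The patterns
below are a heuristic chosen for this example (assumption), not the
project's actual fix, and every hit still needs a manual review.
"""
import re
import sys
from pathlib import Path
from typing import Dict, List, Tuple

# Partials named in the advisory, relative to a Fluid partial root
# (EXT:bootstrap_package/Resources/Private/Partials/ or the partialRootPaths
# entry of a site package that overrides them; that layout is an assumption).
AFFECTED_PARTIALS = (
    "ContentElements/Carousel/Item/CallToAction.html",
    "ContentElements/Carousel/Item/Header.html",
    "ContentElements/Carousel/Item/Text.html",
    "ContentElements/Carousel/Item/TextAndImage.html",
    "ContentElements/Header/SubHeader.html",
)

# Fluid constructs that emit a value without the default htmlspecialchars()
# treatment. f:format.html runs the value through TYPO3's parseFunc (RTE
# processing), which is not an XSS filter, so it is flagged for review too.
UNESCAPED_PATTERNS: Tuple[Tuple[str, re.Pattern], ...] = (
    ("f:format.raw (inline)", re.compile(r"->\s*f:format\.raw\(")),
    ("f:format.raw (tag)", re.compile(r"<f:format\.raw\b")),
    ("f:format.html (inline)", re.compile(r"->\s*f:format\.html\(")),
    ("f:format.html (tag)", re.compile(r"<f:format\.html\b")),
    ("escaping disabled for whole template",
     re.compile(r"\{escaping(?:Enabled\s*=\s*false|\s+(?:off|false))\}", re.IGNORECASE)),
)

Finding = Tuple[str, int, str, str]  # (partial, line number, pattern name, source line)


def scan_template(relpath: str, content: str) -> List[Finding]:
    """Return one finding per (line, pattern) match in a single template."""
    findings: List[Finding] = []
    for lineno, line in enumerate(content.splitlines(), start=1):
        for name, pattern in UNESCAPED_PATTERNS:
            if pattern.search(line):
                findings.append((relpath, lineno, name, line.strip()))
    return findings


def scan_sources(sources: Dict[str, str]) -> List[Finding]:
    """Scan an in-memory {relative path: template source} mapping. Only the
    advisory's partials are inspected; any other file is ignored."""
    findings: List[Finding] = []
    for relpath in AFFECTED_PARTIALS:
        if relpath in sources:
            findings.extend(scan_template(relpath, sources[relpath]))
    return findings


def scan_partial_root(root: Path) -> List[Finding]:
    """Scan a real partial root on disk (e.g. a site package's override dir)."""
    sources: Dict[str, str] = {}
    for relpath in AFFECTED_PARTIALS:
        path = root / relpath
        if path.is_file():
            sources[relpath] = path.read_text(encoding="utf-8", errors="replace")
    return scan_sources(sources)


# Constructed sample overrides for the stand-alone run; they are not the
# project's real templates. The first emits the editor-controlled subheader
# unescaped, the second relies on Fluid's default escaping, the third is a
# raw-output file that is not one of the affected partials.
SAMPLE_OVERRIDES: Dict[str, str] = {
    "ContentElements/Header/SubHeader.html": (
        '<f:if condition="{subheader}">\n'
        '    <h4 class="subheader">{subheader -> f:format.raw()}</h4>\n'
        "</f:if>\n"
    ),
    "ContentElements/Carousel/Item/Text.html": (
        '<div class="carousel-item-text">\n'
        '    <f:if condition="{item.header}"><h2>{item.header}</h2></f:if>\n'
        "</div>\n"
    ),
    "ContentElements/Unrelated/Other.html": "{anything -> f:format.raw()}\n",
}


def main(argv: List[str]) -> int:
    """With a path argument scan that partial root; otherwise scan the sample."""
    findings = scan_partial_root(Path(argv[1])) if len(argv) > 1 else scan_sources(SAMPLE_OVERRIDES)
    for relpath, lineno, name, line in findings:
        print(f"{relpath}:{lineno}: {name}: {line}")
    print(f"{len(findings)} construct(s) to review")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python scan_partials.py /path/to/site_package/Resources/Private/Partials` against each override location your partialRootPaths configuration points at; without an argument it runs over the constructed sample, reporting the raw-output subheader line and ignoring the unrelated file. A hit on f:format.html is not automatically a vulnerability (RTE text is meant to be rendered that way), and a clean scan is not proof of safety: after updating, diff every override against the fixed upstream partial rather than trusting the heuristic.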

XSS

Related Identifiers

BIT-TYPO3-2021-21365
CVE-2021-21365
GHSA-P48W-VF3C-RQJX

Affected Products

Bootstrap Package