PT-2021-14453 · Typo3 · Typo3

Oliver Bartsch · Published 2021-03-23 · Updated 2024-03-06 · CVE-2021-21370

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

TYPO3 versions prior to 7.6.51
TYPO3 versions prior to 8.7.40
TYPO3 versions prior to 9.5.25
TYPO3 versions prior to 10.4.14
TYPO3 versions prior to 11.1.1

Description

The issue concerns content elements of type menu being vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability.

Recommendations

Update to version 7.6.51 to resolve the issue.
Update to version 8.7.40 to resolve the issue.
Update to version 9.5.25 to resolve the issue.
Update to version 10.4.14 to resolve the issue.
Update to version 11.1.1 to resolve the issue.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BIT-TYPO3-2021-21370
CVE-2021-21370
GHSA-X7HC-X7FM-F7QH

Affected Products

Typo3