PT-2021-3863 · Typo3 · Typo3

Oliver Bartsch · Published 2021-07-20 · Updated 2024-03-06 · CVE-2021-32669

CVSS v3.1: 6.4 (Medium)
Vector: AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
TYPO3 versions 9.0.0 through 9.5.28
TYPO3 versions 10.0.0 through 10.4.17
TYPO3 versions 11.0.0 through 11.3.0

Description
The issue is related to the failure to properly encode settings for backend layouts, making the corresponding grid view vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability.

Recommendations
Update to TYPO3 version 9.5.29 to fix the issue.
Update to TYPO3 version 10.4.18 to fix the issue.
Update to TYPO3 version 11.3.1 to fix the issue.

Tags: Exploit · Fix · XSS

Weakness Enumeration

Related Identifiers

BDU:2021-04221
BIT-TYPO3-2021-32669
CVE-2021-32669
GHSA-RGCG-28XM-8MMW

Affected Products

Typo3