PT-2021-3864 · Typo3 · Typo3

Oliver Bartsch · Published 2021-07-20 · Updated 2024-03-06 · CVE-2021-32667

CVSS v3.1: 6.4 (Medium)

Vector: AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions

TYPO3 versions 9.0.0 through 9.5.28
TYPO3 versions 10.0.0 through 10.4.17
TYPO3 versions 11.0.0 through 11.3.0
Description

The issue lies in the handling of Page TSconfig in the TYPO3 content management system: configured settings are not properly encoded when they are rendered, so the page preview module that displays them is vulnerable to persistent (stored) cross-site scripting. A valid backend user account is required to exploit this vulnerability.
Recommendations

For versions 9.0.0 through 9.5.28, update to version 9.5.29.
For versions 10.0.0 through 10.4.17, update to version 10.4.18.
For versions 11.0.0 through 11.3.0, update to version 11.3.1.

Exploit · Fix · XSS


Weakness Enumeration

Related Identifiers

BDU:2021-04222
BIT-TYPO3-2021-32667
CVE-2021-32667
GHSA-8MQ9-FQV8-59WF

Affected Products

Typo3