PT-2021-3865 · Typo3 · Typo3

Richie Lee · Published 2021-07-20 · Updated 2024-03-06 · CVE-2021-32668

CVSS v3.1: 6.4 (Medium)
Vector: AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions

TYPO3 versions 9.0.0 through 9.5.28
TYPO3 versions 10.0.0 through 10.4.17
TYPO3 versions 11.0.0 through 11.3.0

Description

The issue is related to the QueryGenerator and QueryView components of the TYPO3 content management system, which are vulnerable to both reflected and persistent cross-site scripting because error messages are not properly encoded before being written into the backend HTML. A valid backend user account with administrator privileges is needed to exploit this issue.

Recommendations

For versions 9.0.0 through 9.5.28, update to version 9.5.29.
For versions 10.0.0 through 10.4.17, update to version 10.4.18.
For versions 11.0.0 through 11.3.0, update to version 11.3.1.

As a temporary workaround, consider restricting access to the QueryGenerator and QueryView components until a patch is applied.
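The defect class the description names, shown as an added Python example rather than TYPO3's own code: a backend query builder reports an error about a user-supplied field name, and the error text reaches the page either unencoded (the vulnerable form) or HTML-encoded (the fixed form). Both the reflected path (error rendered on submission) and the persistent path (a saved query re-rendered later) are modelled. The schema, messages, storage dictionary, rendering functions and the `alert_body_is_encoded` check are all constructed for illustration and do not correspond to the QueryGenerator or QueryView API.

```python
"""Added example, not code from TYPO3 or from this advisory.

Models unencoded error messages in a backend query module. Everything here
(field list, message text, saved-query store, rendering functions) is a
constructed stand-in, not the TYPO3 QueryGenerator/QueryView implementation.
"""
import html
import re
from typing import Callable, Dict, Optional

# Constructed sample schema the query builder is allowed to address.
ALLOWED_FIELDS = frozenset({"uid", "pid", "title", "crdate"})

# Constructed stand-in for saved queries (the "persistent" path): a stored
# query is re-rendered every time an administrator opens the module.
SAVED_QUERIES: Dict[str, str] = {}


def validate_field(name: str) -> Optional[str]:
    """Return an error message for an unknown field, or None if it is valid."""
    if name in ALLOWED_FIELDS:
        return None
    # The user-supplied name is echoed into the message: this is the text
    # that must be encoded before it reaches an HTML context.
    return f"Unknown field '{name}' in query"


def render_error_vulnerable(message: str) -> str:
    """Writes the message into markup verbatim, so whatever the submitter
    typed into the field name becomes live HTML (the defect class)."""
    return f'<div class="alert alert-danger">{message}</div>'


def render_error_fixed(message: str) -> str:
    """Encodes the message for an HTML text context before emitting it."""
    return f'<div class="alert alert-danger">{html.escape(message, quote=True)}</div>'


def handle_query_request(field: str, render: Callable[[str], str],
                         save_as: Optional[str] = None) -> str:
    """Reflected path: validate the submitted field and render any error.
    If `save_as` is given, the field is also stored (persistent path)."""
    if save_as is not None:
        SAVED_QUERIES[save_as] = field
    err = validate_field(field)
    if err is None:
        return f"<p>Query on field {html.escape(field)} accepted.</p>"
    return render(err)


def render_saved_queries(render: Callable[[str], str]) -> str:
    """Persistent path: re-validate every stored field and render the errors."""
    parts = []
    for name, field in SAVED_QUERIES.items():
        err = validate_field(field)
        parts.append(render(err) if err else f"<p>{html.escape(name)}: ok</p>")
    return "\n".join(parts)


_ALERT_BODY = re.compile(r'<div class="alert alert-danger">(.*?)</div>', re.DOTALL)


def alert_body_is_encoded(rendered: str) -> bool:
    """Defender's check on a rendered page: text inside an alert box must
    not contain raw HTML metacharacters. False means encoding was skipped."""
    for body in _ALERT_BODY.findall(rendered):
        if any(ch in body for ch in "<>\"'"):
            return False
    return True


# Constructed test input: not a real column, so it takes the error path.
PAYLOAD_FIELD = "title<script>alert(1)</script>"

if __name__ == "__main__":
    for label, render in (("vulnerable", render_error_vulnerable),
                          ("fixed", render_error_fixed)):
        page = handle_query_request(PAYLOAD_FIELD, render, save_as="report")
        print(label, "reflected encoded:", alert_body_is_encoded(page))
        print(label, "stored encoded:", alert_body_is_encoded(render_saved_queries(render)))
```

The fix is a single encoding step at the point where the message enters the HTML context (`html.escape` with `quote=True`, the Python equivalent of PHP's `htmlspecialchars` with `ENT_QUOTES`); the check function is the kind of assertion a regression test for this advisory would make against rendered backend output.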

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2021-04223
BIT-TYPO3-2021-32668
CVE-2021-32668
GHSA-6MH3-J5R5-2379

Affected Products

Typo3