PT-2022-20486 · Typo3 · Typo3

Gabe Troyan

Published

2022-06-14

Updated

2024-03-06

CVE-2022-31048

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions TYPO3 versions prior to 8.7.47 ELTS TYPO3 versions prior to 9.5.34 ELTS TYPO3 versions prior to 10.4.29 TYPO3 versions prior to 11.5.11

Description The Form Designer backend module of the Form Framework in TYPO3 is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this issue.

Recommendations Update to TYPO3 version 8.7.47 ELTS or later Update to TYPO3 version 9.5.34 ELTS or later Update to TYPO3 version 10.4.29 or later Update to TYPO3 version 11.5.11 or later

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BIT-TYPO3-2022-31048

CVE-2022-31048

GHSA-3R95-23JP-MHVG

Affected Products

Typo3

PT-2022-20486 · Typo3 · Typo3

CVE-2022-31048

Weakness Enumeration

Related Identifiers

Affected Products

References · 12