PT-2022-20487 · Typo3 · Typo3
Christian Seifert
·
Published
2022-06-14
·
Updated
2024-03-06
·
CVE-2022-31049
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
TYPO3 versions prior to 9.5.34 ELTS
TYPO3 versions prior to 10.4.29
TYPO3 versions prior to 11.5.11
Description
The issue concerns user-submitted content not being properly encoded in HTML emails sent to users. The affected components are mail clients used to view those messages.
Recommendations
For versions prior to 9.5.34 ELTS, update to version 9.5.34 ELTS or later.
For versions prior to 10.4.29, update to version 10.4.29 or later.
For versions prior to 11.5.11, update to version 11.5.11 or later.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Typo3