PT-2022-23197 · Typo3 · Typo3

Oliver Hader · Published 2022-09-13 · Updated 2024-03-06 · CVE-2022-36107

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

TYPO3 versions prior to 7.6.58 ELTS
TYPO3 versions prior to 8.7.48 ELTS
TYPO3 versions prior to 9.5.37 ELTS
TYPO3 versions prior to 10.4.32
TYPO3 versions prior to 11.5.16

Description

The FileDumpController component in TYPO3 is vulnerable to cross-site scripting when malicious files are displayed. A valid backend user account is needed to exploit this issue.

Recommendations

Update to TYPO3 version 7.6.58 ELTS or later
Update to TYPO3 version 8.7.48 ELTS or later
Update to TYPO3 version 9.5.37 ELTS or later
Update to TYPO3 version 10.4.32 or later
Update to TYPO3 version 11.5.16 or later

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BIT-TYPO3-2022-36107
CVE-2022-36107
GHSA-9C6W-55CP-5W25

Affected Products

Typo3