Name of the Vulnerable Software and Affected Versions Typo3 (affected versions not specified)

Description The issue arises from improper encoding of user input, making the login status display susceptible to cross-site scripting in the website frontend. To exploit this, an attacker would need a valid user account, which could be either a backend user or a frontend user with the ability to modify their user profile. Specifically, template patterns are affected, including FEUSER [fieldName] using the system extension felogin and <!--USERNAME--> for regular frontend rendering, where the pattern can be individually defined using TypoScript setting config.USERNAME substToken.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.