PT-2024-40503 · Typo3 · Typo3

Published

2024-05-30

·

Updated

2024-05-30

CVSS v3.1

5.4

Medium

Vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Typo3 (affected versions not specified)
Description Two distinct cross-site scripting vulnerabilities are covered. First, the typolink functionality in the website frontend incorrectly parses values assigned to HTML attributes in link tags, so a crafted value supplied by an editor can inject markup or script into the rendered page; exploitation requires a valid backend user account. Second, in the filelist module of the backend user interface, the error message shown after an attempt to rename a file to a malicious name is not properly HTML-encoded, so the submitted file name is reflected into the page as markup; this also requires a valid backend user account.
Recommendations For the typolink issue, consider restricting access to the frontend until a proper fix is applied. For the filelist module issue, consider disabling file renaming in the backend user interface as a temporary workaround until a patch is available. Because both issues require a valid backend user account, also review which backend users exist and which of them can edit link content or use the filelist module, and remove accounts and permissions that are not needed. At the moment there is no information about a newer version that contains a fix for this vulnerability; check the related advisory GHSA-WP8J-C736-C5R3 for fixed releases.
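The following PHP snippet is an added illustration of the two weakness patterns described in this advisory; it is not TYPO3 code and does not reproduce the actual typolink or filelist implementation. The function names, the sample link attribute and the sample file name are constructed assumptions. For each issue it shows a string-concatenation version that lets a backend user's input reach the page unencoded, beside a version that HTML-encodes the value with htmlspecialchars before embedding it.

```php
<?php
// Added illustration for this advisory, not TYPO3 source code. Function names,
// the sample title attribute and the sample file name are hypothetical.
declare(strict_types=1);

// Encode a value for use inside an HTML attribute or text node. ENT_QUOTES makes
// both double and single quotes inert, so the value cannot close the attribute.
function encodeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Pattern 1 (typolink-style): an editor-controlled value spliced into a link
// tag attribute without encoding. A value containing '"' terminates the
// attribute and the remainder becomes new attributes on the <a> element.
function buildLinkUnsafe(string $href, string $title): string
{
    return '<a href="' . $href . '" title="' . $title . '">link</a>';
}

// Hardened form: every attribute value is encoded, and the href is restricted
// to http(s) so a javascript: URL cannot be smuggled in as the link target.
function buildLinkSafe(string $href, string $title): string
{
    if (preg_match('#^https?://#i', $href) !== 1) {
        $href = '#';
    }
    return '<a href="' . encodeHtml($href) . '" title="' . encodeHtml($title) . '">link</a>';
}

// Pattern 2 (filelist-style): a submitted file name echoed back in an error
// message without encoding, so tags inside the name are rendered as markup.
function renameErrorUnsafe(string $fileName): string
{
    return '<div class="alert">Could not rename file "' . $fileName . '"</div>';
}

// Hardened form: the file name is encoded before it is placed in the message.
function renameErrorSafe(string $fileName): string
{
    return '<div class="alert">Could not rename file "' . encodeHtml($fileName) . '"</div>';
}

// Returns true when the rendered fragment still contains a raw '<' or '"' from
// the untrusted value, i.e. the value was able to alter the markup.
function leaksMarkup(string $rendered, string $untrusted): bool
{
    return str_contains($rendered, $untrusted);
}

// Constructed payloads a backend user could submit (assumptions for this demo).
$maliciousTitle = '" onmouseover="alert(1)';
$maliciousName  = '<img src=x onerror=alert(1)>.txt';

foreach ([
    'link, unsafe'   => buildLinkUnsafe('https://example.org/', $maliciousTitle),
    'link, safe'     => buildLinkSafe('https://example.org/', $maliciousTitle),
    'rename, unsafe' => renameErrorUnsafe($maliciousName),
    'rename, safe'   => renameErrorSafe($maliciousName),
] as $label => $html) {
    $untrusted = str_starts_with($label, 'link') ? $maliciousTitle : $maliciousName;
    printf("%-15s leaks=%s  %s\n", $label, leaksMarkup($html, $untrusted) ? 'yes' : 'no', $html);
}
```

Run it with `php` on the command line: the two unsafe variants report `leaks=yes` and print fragments in which the payload has become a new event-handler attribute or an `<img>` element, while the safe variants report `leaks=no` because the quotes and angle brackets arrive in the output as entity references. The same encoding step belongs wherever a backend user's input (link attributes, file names, any reflected message) is assembled into HTML.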

XSS

Weakness Enumeration

Related Identifiers

GHSA-WP8J-C736-C5R3

Affected Products

Typo3