BIT-typo3-2020-11065

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/typo3/BIT-typo3-2020-11065.json
JSON Data
https://api.test.osv.dev/v1/vulns/BIT-typo3-2020-11065
Aliases
Published
2024-03-06T11:12:03.206Z
Modified
2024-03-06T11:25:28.861Z
Summary
[none]
Details

In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and greater than or equal to 10.2.0 and less than 10.4.2, it has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting; properties being assigned as HTML attributes have not been parsed correctly. This has been fixed in 9.5.17 and 10.4.2.

Database specific
{
    "cpes": [
        "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / typo3

Package

Name
typo3
Purl
pkg:bitnami/typo3

Severity

  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
9.5.12
Fixed
9.5.17
Introduced
10.2.0
Fixed
10.4.2