BIT-typo3-2021-32668

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/typo3/BIT-typo3-2021-32668.json
JSON Data
https://api.test.osv.dev/v1/vulns/BIT-typo3-2021-32668
Aliases
Published
2024-03-06T11:10:40.486Z
Modified
2024-03-06T11:25:28.861Z
Summary
[none]
Details

TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When error messages are not properly encoded, the components QueryGenerator and QueryView are vulnerable to both reflected and persistent cross-site scripting. A valid backend user account having administrator privileges is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this issue.

Database specific
{
    "cpes": [
        "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / typo3

Package

Name
typo3
Purl
pkg:bitnami/typo3

Severity

  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
8.0.0
Fixed
8.7.40
Introduced
9.0.0
Fixed
9.5.28
Introduced
10.0.0
Fixed
10.4.17
Introduced
11.0.0
Fixed
11.3.0