CVE-2020-11065

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-11065

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-11065.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-11065

Aliases

Published

2020-05-13T23:15:11Z

Modified

2024-10-12T05:36:37.894349Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and greater than or equal to 10.2.0 and less than 10.4.2, it has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting; properties being assigned as HTML attributes have not been parsed correctly. This has been fixed in 9.5.17 and 10.4.2.

References

https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4j77-gg36-9864

Affected packages

Git / github.com/typo3/typo3.cms

Affected ranges

Type: GIT
Repo: https://github.com/typo3/typo3.cms
Events: Introduced

22dd17fa8e2b2bb28e29e47ed8de1a23d6dd27b3

Fixed

cf17e40087cd21faa6f9a12683631744d36f3f46

Affected versions

v10.*

v10.2.0

v10.3.0

v10.4.0

v10.4.1