CVE-2021-21340

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-21340

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-21340.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-21340

Aliases

Published

2021-03-23T02:15:12Z

Modified

2024-10-12T06:48:12.679612Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that database fields used as descriptionColumn are vulnerable to cross-site scripting when their content gets previewed. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1 .

References

Affected packages

Git / github.com/typo3/typo3.cms

Affected ranges

Type: GIT
Repo: https://github.com/typo3/typo3.cms
Events: Introduced

6a5e2d4097ef0a0e3ea955af93cf83810d6fa234

Fixed

67471a2b5bf30acc0225fa0860e882c056c60547

Affected versions

v11.*

v11.0.0

v11.1.0