CVE-2021-32669

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-32669

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32669.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-32669

Aliases

Published

2021-07-20T16:15:07.793Z

Modified

2026-05-28T04:06:43.853735920Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When settings for backend layouts are not properly encoded, the corresponding grid view is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this vulnerability.

Database specific

{
    "unresolved_ranges": [
        {
            "vendor_product": "typo3:typo3",
            "cpes": [
                "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "introduced": "8.0.0"
                },
                {
                    "last_affected": "8.7.40"
                },
                {
                    "introduced": "8.0.0"
                },
                {
                    "last_affected": "8.7.40"
                },
                {
                    "introduced": "8.0.0"
                },
                {
                    "last_affected": "8.7.40"
                }
            ],
            "source": "CPE_RANGE"
        }
    ]
}

References

Affected packages

Git / github.com/typo3/typo3

Affected ranges

Type

GIT

Repo

https://github.com/typo3/typo3

Events

Introduced

41235ff8e38c6f3401df03ae8beddd62d662c525

Last affected

860158afc7f8aceb8eb39495e37c80a6252ed1eb

Introduced

c91b70e450c52d29ffb08115fffbb7832b15a330

Last affected

fe16eeb92d49edc5e79041dd949bc68cf66dfdce

Introduced

6a5e2d4097ef0a0e3ea955af93cf83810d6fa234

Last affected

5f11a2c94ea85f0401b0e00ec962368aa312ea1f

Database specific

{
    "cpe": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "9.0.0"
        },
        {
            "last_affected": "9.5.28"
        },
        {
            "introduced": "10.0.0"
        },
        {
            "last_affected": "10.4.17"
        },
        {
            "introduced": "11.0.0"
        },
        {
            "last_affected": "11.3.0"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

v10.*

v10.0.0

v10.1.0

v10.2.0

v10.3.0

v10.4.0

v10.4.1

v10.4.10

v10.4.11

v10.4.12

v10.4.13

v10.4.14

v10.4.15

v10.4.16

v10.4.17

v10.4.2

v10.4.3

v10.4.4

v10.4.5

v10.4.6

v10.4.7

v10.4.8

v10.4.9

v11.*

v11.0.0

v11.1.0

v11.2.0

v11.3.0

v9.*

v9.0.0

v9.1.0

v9.2.0

v9.3.0

v9.4.0

v9.5.0

v9.5.1

v9.5.10

v9.5.11

v9.5.12

v9.5.13

v9.5.14

v9.5.15

v9.5.16

v9.5.17

v9.5.18

v9.5.19

v9.5.2

v9.5.20

v9.5.21

v9.5.22

v9.5.23

v9.5.24

v9.5.25

v9.5.26

v9.5.27

v9.5.28

v9.5.3

v9.5.4

v9.5.5

v9.5.6

v9.5.7

v9.5.8

v9.5.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32669.json"