Typo3 XSS Vulnerabilities
Low severity
GitHub Reviewed
Published
May 14, 2022
to the GitHub Advisory Database
•
Updated Feb 5, 2024
Package
Affected versions
>= 4.5.0, <= 4.5.33
>= 4.7.0, <= 4.7.18
>= 6.0.0, <= 6.0.13
>= 6.1.0, <= 6.1.8
>= 6.2.0, < 6.2.3
Patched versions
4.5.34
4.7.19
6.0.14
6.1.9
6.2.3
Description
Published by the National Vulnerability Database
Jun 3, 2014
Published to the GitHub Advisory Database
May 14, 2022
Reviewed
Aug 16, 2023
Last updated
Feb 5, 2024
Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary web script or HTML via unknown parameters.
References