TYPO3 is an open source PHP based web content management system. Versions 9.0.0 up to and including 9.5.28, 10.0.0 up to and including 10.4.17, and 11.0.0 up to and including 11.3.0 have a cross-site scripting vulnerability. When settings for _backend layouts_ are not properly encoded, the corresponding grid view is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this vulnerability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
typo3 typo3 |