Описание
Cross-site Scripting in the yoast_seo TYPO3 extension
The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability.
Пакеты
Наименование
yoast-seo-for-typo3/yoast_seo
composer
Затронутые версииВерсия исправления
< 7.2.3
7.2.3
Связанные уязвимости
CVSS3: 5.4
nvd
больше 4 лет назад
The yoast_seo (aka Yoast SEO) extension before 7.2.3 for TYPO3 allows XSS.