Описание
TYPO3 Cross-Site Scripting in Link Handling
It has been discovered that t3:// URL handling and typolink functionality are vulnerable to cross-site scripting. Not only regular backend forms are affected but also frontend extensions which use the rendering with typolink.
Ссылки
- https://github.com/TYPO3-CMS/core/commit/280908c9472aa5e1d9ee005327bbb9aed53f613a
- https://github.com/TYPO3-CMS/core/commit/89f5817c09a50d8d60821158d651bd618521164e
- https://github.com/TYPO3-CMS/core/commit/d2823a451d65ac59dd42ec54c92903d70d29c813
- https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2019-12-17-2.yaml
- https://typo3.org/security/advisory/typo3-core-sa-2019-022
Пакеты
Наименование
typo3/cms-core
composer
Затронутые версииВерсия исправления
>= 10.0.0, < 10.2.1
10.2.1
Наименование
typo3/cms-core
composer
Затронутые версииВерсия исправления
>= 8.0.0, < 8.7.30
8.7.30
Наименование
typo3/cms-core
composer
Затронутые версииВерсия исправления
>= 9.0.0, < 9.5.12
9.5.12
6.1 Medium
CVSS3
Дефекты
CWE-79
6.1 Medium
CVSS3
Дефекты
CWE-79