Описание
TYPO3 Cross-Site Scripting in Form Framework validation handling
It has been discovered that the output of field validation errors in the Form Framework is vulnerable to cross-site scripting.
Ссылки
- https://github.com/TYPO3/typo3/commit/966a0038c16c04d484c1703fba9fdc13f3e7a95c
- https://github.com/TYPO3/typo3/commit/9692bf83f8310cca17c9a968c4fe92ffe0deb59d
- https://github.com/TYPO3/typo3/commit/e971b012c837f1e64c1498b567ef6eec304febe5
- https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-12-17-1.yaml
- https://typo3.org/security/advisory/typo3-core-sa-2019-021
Пакеты
Наименование
typo3/cms
composer
Затронутые версииВерсия исправления
>= 10.0.0, < 10.2.1
10.2.1
Наименование
typo3/cms
composer
Затронутые версииВерсия исправления
>= 8.0.0, < 8.7.30
8.7.30
Наименование
typo3/cms
composer
Затронутые версииВерсия исправления
>= 9.0.0, < 9.5.12
9.5.12
6.1 Medium
CVSS3
Дефекты
CWE-79
6.1 Medium
CVSS3
Дефекты
CWE-79