CVE-2021-21340

Опубликовано: 23 мар. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that database fields used as descriptionColumn are vulnerable to cross-site scripting when their content gets previewed. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1 .

Ссылки

https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-fjh3-g8gq-9q92
Third Party Advisory
https://packagist.org/packages/typo3/cms-backend
Release Notes
Third Party Advisory
https://typo3.org/security/advisory/typo3-core-sa-2021-007
Vendor Advisory
https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-fjh3-g8gq-9q92
Third Party Advisory
https://packagist.org/packages/typo3/cms-backend
Release Notes
Third Party Advisory
https://typo3.org/security/advisory/typo3-core-sa-2021-007
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*

Версия от 10.0.0 (включая) до 10.4.14 (исключая)

cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*

Версия от 11.0.0 (включая) до 11.1.1 (исключая)

EPSS

Процентиль: 59%

0.00379

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-fjh3-g8gq-9q92