CVE-2021-32669

Published: Jul 20, 2021Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When settings for _backend layouts_ are not properly encoded, the corresponding grid view is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this vulnerability.

Affected (4)

Products: Typo3: Typo3

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Typo3 Typo3	From 10.0.0 to 10.4.17
Typo3 Typo3	From 11.0.0 to 11.3.0
Typo3 Typo3	From 8.0.0 to 8.7.40
Typo3 Typo3	From 9.0.0 to 9.5.28

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-rgcg-28xm-8mmw

Source: security-advisories@github.com

Third Party Advisory

https://typo3.org/security/advisory/typo3-core-sa-2021-011

Source: security-advisories@github.com

Vendor Advisory

https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-rgcg-28xm-8mmw

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://typo3.org/security/advisory/typo3-core-sa-2021-011

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.