TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 the system extension Fluid (typo3/cms-fluid) of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| typo3/cms-core(Packagist) | 9.0.0 | 9.5.23 | N/A |
| typo3/cms-core(Packagist) | 10.0.0 | 10.4.10 | N/A |
| typo3/cms-core(Packagist) | 8.7.0 | 8.7.38 | N/A |
| typo3/cms(Packagist) | 10.0.0 | 10.4.10 | N/A |
| typo3/cms(Packagist) | 9.0.0 | 9.5.23 | N/A |
| typo3/cms(Packagist) | 8.7.0 | 8.7.38 | N/A |
CVSS Metrics
