The ke_search (aka Faceted Search) extension before 4.0.3, 4.1.x through 4.6.x before 4.6.6, and 5.x before 5.0.2 for TYPO3 allows XSS via indexed data.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| tpwd/ke_search(Packagist) | 5.0.0 | 5.0.2 | N/A |
| tpwd/ke_search(Packagist) | 4.1.0 | 4.6.6 | N/A |
| tpwd/ke_search(Packagist) | 0 | 4.0.3 | N/A |
CVSS Metrics
