CVE-2020-11064
Cross-Site Scripting in TYPO3 CMS
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, it has been discovered that HTML placeholder attributes containing data of other database records are vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2.
En TYPO3 CMS versiones mayores o iguales a 9.5.12 y menores a 9.5.17, y versiones mayores o iguales a 10.2.0 y versiones menores a 10.4.2, ha sido detectado que los atributos placeholder de HTML que contienen datos de otros registros de bases de datos son vulnerables a un ataque de tipo cross-site scripting. Es requerida una cuenta de usuario del back-end vĂ¡lida para explotar esta vulnerabilidad. Esto ha sido corregido en las versiones 9.5.17 y 10.4.2.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-03-30 CVE Reserved
- 2020-05-13 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-43gj-mj2w-wh46 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Typo3 Search vendor "Typo3" | Typo3 Search vendor "Typo3" for product "Typo3" | >= 9.0.0 < 9.5.17 Search vendor "Typo3" for product "Typo3" and version " >= 9.0.0 < 9.5.17" | - |
Affected
| ||||||
Typo3 Search vendor "Typo3" | Typo3 Search vendor "Typo3" for product "Typo3" | >= 10.0.0 < 10.4.2 Search vendor "Typo3" for product "Typo3" and version " >= 10.0.0 < 10.4.2" | - |
Affected
|