CVE-2021-21370
Cross-Site Scripting in Content Preview (CType menu)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1.
TYPO3 es un sistema de gestión de contenidos web de código abierto basado en PHP. En TYPO3 versiones anteriores a la 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 se ha descubierto que los elementos de contenido de tipo _menu_ son vulnerables al cross-site scripting cuando sus elementos referenciados se previsualizan en el módulo de página. Se necesita una cuenta de usuario válida para explotar esta vulnerabilidad. Esto se ha corregido en las versiones 7.6.51, 8.7.40, 9.5.25, 10.4.14 y 11.1.1
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-12-22 CVE Reserved
- 2021-03-23 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x7hc-x7fm-f7qh | Third Party Advisory | |
https://packagist.org/packages/typo3/cms-backend | Release Notes |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://typo3.org/security/advisory/typo3-core-sa-2021-008 | 2021-03-26 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Typo3 Search vendor "Typo3" | Typo3 Search vendor "Typo3" for product "Typo3" | >= 7.0.0 < 7.6.51 Search vendor "Typo3" for product "Typo3" and version " >= 7.0.0 < 7.6.51" | - |
Affected
| ||||||
Typo3 Search vendor "Typo3" | Typo3 Search vendor "Typo3" for product "Typo3" | >= 8.0.0 < 8.7.40 Search vendor "Typo3" for product "Typo3" and version " >= 8.0.0 < 8.7.40" | - |
Affected
| ||||||
Typo3 Search vendor "Typo3" | Typo3 Search vendor "Typo3" for product "Typo3" | >= 9.0.0 < 9.5.25 Search vendor "Typo3" for product "Typo3" and version " >= 9.0.0 < 9.5.25" | - |
Affected
| ||||||
Typo3 Search vendor "Typo3" | Typo3 Search vendor "Typo3" for product "Typo3" | >= 10.0.0 < 10.4.14 Search vendor "Typo3" for product "Typo3" and version " >= 10.0.0 < 10.4.14" | - |
Affected
| ||||||
Typo3 Search vendor "Typo3" | Typo3 Search vendor "Typo3" for product "Typo3" | >= 11.0.0 < 11.1.1 Search vendor "Typo3" for product "Typo3" and version " >= 11.0.0 < 11.1.1" | - |
Affected
|