CVE-2021-32668
Cross-Site Scripting in Query Generator & Query View
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When error messages are not properly encoded, the components _QueryGenerator_ and _QueryView_ are vulnerable to both reflected and persistent cross-site scripting. A valid backend user account having administrator privileges is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this issue.
TYPO3 es un sistema de administración de contenidos web de código abierto basado en PHP. Unas versiones 9.0.0 hasta 9.5.28, versiones 10.0.0 hasta 10.4.17 y versiones 11.0.0 hasta 11.3.0, presentan una vulnerabilidad de tipo cross-site scripting. Cuando los mensajes de error no son codificados apropiadamente, los componentes _QueryGenerator_ y _QueryView_ son vulnerables a un ataque de tipo cross-site scripting reflejado y persistente. Es necesaria una cuenta de usuario backend válida con privilegios de administrador para explotar esta vulnerabilidad. TYPO3 versiones 9.5.29, 10.4.18 y 11.3.1, contienen un parche para este problema
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-05-12 CVE Reserved
- 2021-07-20 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-6mh3-j5r5-2379 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://typo3.org/security/advisory/typo3-core-sa-2021-010 | 2021-07-29 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Typo3 Search vendor "Typo3" | Typo3 Search vendor "Typo3" for product "Typo3" | >= 8.0.0 <= 8.7.40 Search vendor "Typo3" for product "Typo3" and version " >= 8.0.0 <= 8.7.40" | - |
Affected
| ||||||
Typo3 Search vendor "Typo3" | Typo3 Search vendor "Typo3" for product "Typo3" | >= 9.0.0 <= 9.5.28 Search vendor "Typo3" for product "Typo3" and version " >= 9.0.0 <= 9.5.28" | - |
Affected
| ||||||
Typo3 Search vendor "Typo3" | Typo3 Search vendor "Typo3" for product "Typo3" | >= 10.0.0 <= 10.4.17 Search vendor "Typo3" for product "Typo3" and version " >= 10.0.0 <= 10.4.17" | - |
Affected
| ||||||
Typo3 Search vendor "Typo3" | Typo3 Search vendor "Typo3" for product "Typo3" | >= 11.0.0 <= 11.3.0 Search vendor "Typo3" for product "Typo3" and version " >= 11.0.0 <= 11.3.0" | - |
Affected
|