CVE-2024-34356
TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the form manager backend module is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user account with access to the form module. TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1 fix the problem described.
TYPO3 es un sistema de gestión de contenidos empresariales. A partir de la versión 9.0.0 y anteriores a las versiones 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS y 13.1.1, el módulo backend del administrador de formularios es vulnerable a Cross Site Scripting. Para explotar esta vulnerabilidad se requiere una cuenta de usuario de backend válida con acceso al módulo de formulario. Las versiones de TYPO3 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS y 13.1.1 solucionan el problema descrito.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-05-02 CVE Reserved
- 2024-05-14 CVE Published
- 2024-05-15 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
https://github.com/TYPO3/typo3/commit/2832e2f51f929aeddb5de7d667538a33ceda8156 | X_refsource_misc | |
https://github.com/TYPO3/typo3/commit/d0393a879a32fb4e3569acad6bdb5cda776be1e5 | X_refsource_misc | |
https://github.com/TYPO3/typo3/commit/e95a1224719efafb9cab2d85964f240fd0356e64 | X_refsource_misc | |
https://github.com/TYPO3/typo3/security/advisories/GHSA-v6mw-h7w6-59w3 | X_refsource_confirm | |
https://typo3.org/security/advisory/typo3-core-sa-2024-008 | X_refsource_misc |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
TYPO3 Search vendor "TYPO3" | Typo3 Search vendor "TYPO3" for product "Typo3" | >= 9.0.0 < 9.5.48 Search vendor "TYPO3" for product "Typo3" and version " >= 9.0.0 < 9.5.48" | en |
Affected
| ||||||
TYPO3 Search vendor "TYPO3" | Typo3 Search vendor "TYPO3" for product "Typo3" | >= 10.0.0 < 10.4.45 Search vendor "TYPO3" for product "Typo3" and version " >= 10.0.0 < 10.4.45" | en |
Affected
| ||||||
TYPO3 Search vendor "TYPO3" | Typo3 Search vendor "TYPO3" for product "Typo3" | >= 11.0.0 < 11.5.37 Search vendor "TYPO3" for product "Typo3" and version " >= 11.0.0 < 11.5.37" | en |
Affected
| ||||||
TYPO3 Search vendor "TYPO3" | Typo3 Search vendor "TYPO3" for product "Typo3" | >= 12.0.0 < 12.4.15 Search vendor "TYPO3" for product "Typo3" and version " >= 12.0.0 < 12.4.15" | en |
Affected
| ||||||
TYPO3 Search vendor "TYPO3" | Typo3 Search vendor "TYPO3" for product "Typo3" | >= 13.0.0 < 13.1.1 Search vendor "TYPO3" for product "Typo3" and version " >= 13.0.0 < 13.1.1" | en |
Affected
|