Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
TYPO3 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2024-34356 - Vulnerability Database
TYPO3

TYPO3 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2024-34356

Medium
Reference: CVE-2024-34356
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2024-34356
Title: TYPO3 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS 10.4.45 ELTS 11.5.37 LTS 12.4.15 LTS and 13.1.1 the form manager backend module is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user account with access to the form module. TYPO3 versions 9.5.48 ELTS 10.4.45 ELTS 11.5.37 LTS 12.4.15 LTS and 13.1.1 fix the problem described.