Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
TYPO3 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2020-11064 - Vulnerability Database
TYPO3

TYPO3 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2020-11064

Medium
Reference: CVE-2020-11064
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2020-11064
Title: TYPO3 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2 it has been discovered that HTML placeholder attributes containing data of other database records are vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2.