Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
TYPO3 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2021-32768 - Vulnerability Database
TYPO3

TYPO3 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2021-32768

Medium
Reference: CVE-2021-32768
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2021-32768
Title: TYPO3 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse sanitize and encode malicious rich-text content the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality HTMLparser does not consider all potentially malicious HTML tag amp attribute combinations per default. In default scenarios a valid backend user account is needed to exploit this vulnerability. In case custom plugins used in the website frontend accept and reflect rich-text content submitted by users no authentication is required. Update to TYPO3 versions 7.6.53 ELTS 8.7.42 ELTS 9.5.29 10.4.19 11.3.2 that fix the problem described.