Lucene search

GitHub Advisory DatabaseGHSA-HW6C-6GWQ-3M3M

HistoryMay 14, 2024 - 8:13 p.m.

TYPO3 vulnerable to Cross-Site Scripting in the ShowImageController

2024-05-1420:13:25

CWE-79

GitHub Advisory Database

github.com

typo3

cross-site scripting

showimagecontroller

update

elts

lts

security advisory

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.0004 Low

EPSS

Percentile

15.7%

JSON

Problem

Failing to properly encode user-controlled values in file entities, the ShowImageController (eID tx_cms_showpic) is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user account with access to file entities.

Solution

Update to TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, 13.1.1 that fix the problem described.

Credits

Thanks to TYPO3 security team member Torben Hansen who reported this issue and to TYPO3 core & security team member Oliver Hader who fixed the issue.

References

TYPO3-CORE-SA-2024-009

Affected configurations

Vulners

Node

typo3cms_poll_system_extensionRange≤13.1.0

typo3cms_poll_system_extensionRange≤12.4.14

typo3cms_poll_system_extensionRange≤11.5.36

typo3cms_poll_system_extensionRange≤10.4.44

typo3cms_poll_system_extensionRange≤9.5.47

CPENameOperatorVersion
typo3/cms-corele13.1.0
typo3/cms-corele12.4.14
typo3/cms-corele11.5.36
typo3/cms-corele10.4.44
typo3/cms-corele9.5.47

Name	Operator	Version
typo3/cms-core	le	13.1.0
typo3/cms-core	le	12.4.14
typo3/cms-core	le	11.5.36
typo3/cms-core	le	10.4.44
typo3/cms-core	le	9.5.47