Cross-Site Scripting in third party library mso/idna-convert

2024-06-0515:02:40

Google

osv.dev

cross-site scripting

third party library

vendor directory

composer

web folder

document root

typo3_src

software

7 High

AI Score

Confidence

Low

JSON

Make sure to not expose the vendor directory to the publicly accessible document root. In composer managed installation, make sure to configure a dedicated web folder. In general it is recommended to not expose the complete typo3_src sources folder in the document root.

CPENameOperatorVersion
typo3/cmseq8.1.2
typo3/cmseq8.1.0
typo3/cmseq7.6.3
typo3/cmseq7.6.7
typo3/cmseq7.6.8
typo3/cmseq8.0.1
typo3/cmseq7.6.5
typo3/cmseq7.6.6
typo3/cmseq7.6.2
typo3/cmseq8.2.0

Name	Operator	Version
typo3/cms	eq	8.1.2
typo3/cms	eq	8.1.0
typo3/cms	eq	7.6.3
typo3/cms	eq	7.6.7
typo3/cms	eq	7.6.8
typo3/cms	eq	8.0.1
typo3/cms	eq	7.6.5
typo3/cms	eq	7.6.6
typo3/cms	eq	7.6.2
typo3/cms	eq	8.2.0

Rows per page:

1-10 of 161

References

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2016-07-19-7.yaml

typo3.org/security/advisory/typo3-core-sa-2016-020

7 High

AI Score

Confidence

Low

JSON