EPSS
Percentile
33.8%
typo3 is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary Javascript into a victim’s browser using javascript: anddata: URL schemes.
javascript:
data:
typo3.org/cms/release-news/typo3-8-release-notes/
typo3.org/security/advisory/typo3-core-sa-2019-015/