EPSS
Percentile
31.4%
typo3/cms-core is vulnerable to XML external entities (XXE). The vulnerability exists as the libxml object in getRssItems() of RssWidget.php does not disable external entities…
getRssItems()
RssWidget.php
github.com/advisories/GHSA-q9cp-mc96-m4w2
github.com/TYPO3/TYPO3.CMS/commit/73a7a902eb8a61ef2f6b70891fbff6bc61b5d13f
github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-q9cp-mc96-m4w2
typo3.org/security/advisory/typo3-core-sa-2020-012