EPSS
Percentile
26.2%
typo3/cms-core is vulnerable to cross-site scripting (XSS). The vulnerability exists through the lack of sanitization on the values of settings which are rendered through FormMananager/ViewModel.js.
settings
FormMananager/ViewModel.js
github.com/TYPO3/TYPO3.CMS/commit/11eb857edf62ac1c0f2874a19e04c05754a191d9
github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x79j-wgqv-g8h2
packagist.org/packages/typo3/cms-form
typo3.org/security/advisory/typo3-core-sa-2021-004