Lucene search
Veracode Vulnerability DatabaseVERACODE:35999HistoryJun 15, 2022 - 9:27 a.m.
Cross-site Scripting (XSS)
2022-06-1509:27:32
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
16
cross-site scripting
typo3/cms-core
form framework
html content
malicious javascript
EPSS
0.001
Percentile
25.1%
typo3/cms-core is vulnerable to cross-site scripting(XSS) attacks. A malicious user with a valid backend user account is able to pass harmful HTML content via the form designer backend module of the form framework, allowing an attacker to execute malicious javascript on victim’s browser.
References
github.com/TYPO3/typo3/commit/3b16f036858ccdf3af8d7958fae7f449b6838bb9
github.com/TYPO3/typo3/commit/6f2554dc4ea0b670fd5599c54fd788d4db96c4a0
github.com/TYPO3/typo3/commit/f311198e8ecf687c0217749d07abebaf93a3152a
github.com/TYPO3/typo3/security/advisories/GHSA-3r95-23jp-mhvg
typo3.org/security/advisory/typo3-core-sa-2022-003
Related
friendsofphp
friendsofphp
TYPO3-CORE-SA-2022-003: Cross-Site Scripting in Form Framework
2022-06-14 07:11:36
TYPO3-CORE-SA-2022-003: Cross-Site Scripting in Form Framework
2022-06-14 07:11:36
osv
osv
CVE-2022-31048
2022-06-14 21:15:16
BIT-typo3-2022-31048
2024-03-06 11:09:29
Cross-Site Scripting in TYPO3's Form Framework
2022-06-17 20:55:48
openvas
openvas
TYPO3 XSS Vulnerability (TYPO3-CORE-SA-2022-003)
2022-06-15 00:00:00
github
github
Cross-Site Scripting in TYPO3's Form Framework
2022-06-17 20:55:48
nvd
nvd
CVE-2022-31048
2022-06-14 21:15:16
cve
cve
CVE-2022-31048
2022-06-14 21:15:16
prion
prion
Cross site scripting
2022-06-14 21:15:00
cvelist
cvelist
CVE-2022-31048 Cross-Site Scripting in Form Framework
2022-06-14 20:50:18