typo3/cms is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper handling of file extensions containing malicious sequences in the output table listing, which requires access to the serverβs file system either directly or through synchronization to exploit.