Cross-Site Scripting (XSS) in TYPO3 component CSS styled content · GHSA-8j9v-4hhh-x43c · GitHub Advisory Database · GitHub

Cross-Site Scripting (XSS) in TYPO3 component CSS styled content

Moderate severity GitHub Reviewed Published Jun 4, 2024 to the GitHub Advisory Database • Updated Jun 4, 2024

Package

typo3/cms (Composer)

Affected versions

>= 6.2.0, < 6.2.19

>= 7.6.0, < 7.6.4

Patched versions

6.2.19

7.6.4

Description

Failing to properly encode user input, the CSS styled content component is susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML or JavaScript.

References

Published to the GitHub Advisory Database Jun 4, 2024

Reviewed Jun 4, 2024

Last updated Jun 4, 2024