Cross-Site Scripting (XSS) vulnerability in typolinks · GHSA-p5c5-gmj4-g48f · GitHub Advisory Database · GitHub

Cross-Site Scripting (XSS) vulnerability in typolinks

Moderate severity GitHub Reviewed Published Jun 5, 2024 to the GitHub Advisory Database • Updated Jun 5, 2024

Package

typo3/cms (Composer)

Affected versions

>= 6.2.0, < 6.2.26

>= 7.6.0, < 7.6.10

>= 8.0.0, < 8.2.1

Patched versions

6.2.26

7.6.10

8.2.1

Description

All link fields within the TYPO3 installation are vulnerable to Cross-Site Scripting as authorized editors can insert data commands by using the url scheme "data:".

References

Published to the GitHub Advisory Database Jun 5, 2024

Reviewed Jun 5, 2024

Last updated Jun 5, 2024