Cross-Site Scripting in TYPO3 CMS
CVE-2020-11064
5.4 MEDIUM
What is CVE-2020-11064?
In TYPO3 CMS versions greater than or equal to 9.0.0 and less than 9.5.17, and greater than or equal to 10.0.0 and less than 10.4.2, HTML placeholder attributes containing data of other database records are vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2.
Affected Version(s)
TYPO3 CMS >= 9.0.0, < 9.5.17 < 9.0.0, 9.5.17
TYPO3 CMS >= 10.0.0, < 10.4.2 < 10.0.0, 10.4.2
References
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved