Cross-Site Scripting Vulnerability in TYPO3 ns_backup Extension
CVE-2025-48206

6.1MEDIUM

Key Information:

Vendor: Typo3
Status: Ns Backup Extension
Vendor: CVE Published:; 21 May 2025

What is CVE-2025-48206?

The ns_backup extension for TYPO3, up to version 13.0.0, is vulnerable to a Cross-Site Scripting (XSS) attack. This vulnerability could allow malicious users to execute arbitrary JavaScript code in the context of the affected TYPO3 site, potentially leading to theft of session cookies or redirecting users to malicious sites. Website administrators are urged to review their configurations and update to the latest version as soon as possible to mitigate this risk.

Affected Version(s)

ns backup extension 0 < 13.0.1

References

https://typo3.org/security/advisory/typo3-ext-sa-2025-007

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 21, 2025
Vulnerability Reserved
May 17, 2025

Typo3

What is CVE-2025-48206?

Affected Version(s)

References

CVSS V3.1

Timeline