Cross-Site Scripting Vulnerability in TYPO3 CMS
CVE-2026-47348
5.1MEDIUM
What is CVE-2026-47348?
A vulnerability has been identified in TYPO3 CMS that allows editors with permissions to modify page content to introduce unsanitized HTML markup into page titles. This markup, which is then indexed, can lead to Cross-Site Scripting (XSS) when rendered in frontend search results via the Indexed Search plugin. Specifically, affected TYPO3 CMS versions include 13.0.0 through 13.4.30 and 14.0.0 through 14.3.2, highlighting a significant risk for websites using these versions without appropriate safeguards.
Affected Version(s)
TYPO3 CMS 13.0.0 < 13.4.31
TYPO3 CMS 14.0.0 < 14.3.3
References
CVSS V4
Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Jan Kahmen
Sanjay Singh Jhala
Oliver Hader
