TYPO3 Cross-Site Scripting in link validator component · GHSA-cg4m-qjjp-7497 · GitHub Advisory Database · GitHub

TYPO3 Cross-Site Scripting in link validator component

Moderate severity GitHub Reviewed Published Jun 3, 2024 to the GitHub Advisory Database • Updated Jun 3, 2024

Package

typo3/cms (Composer)

Affected versions

>= 6.2.0, < 6.2.18

>= 7.6.0, < 7.6.3

Patched versions

6.2.18

7.6.3

Description

Failing to sanitize content from editors, the link validator component is susceptible to Cross-Site Scripting. A valid editor account with access to content which is scanned by the link validator component is required to exploit this vulnerability.

References

Published to the GitHub Advisory Database Jun 3, 2024

Reviewed Jun 3, 2024

Last updated Jun 3, 2024