VDB
KO
MEDIUM 6.1

GHSA-22q7-cg4r-p9mx

TYPO3 Cross-Site Scripting in Fluid ViewHelpers

Details

Failing to properly encode user input, templates using built-in Fluid ViewHelpers are vulnerable to cross-site scripting.

Are you affected?

Enter the version of the package you're using.

Affected packages

Packagist / typo3/cms-fluid
Introduced in: 8.0.0 Fixed in: 8.7.23
Fix composer require typo3/cms-fluid:^8.7.23
Packagist / typo3/cms-fluid
Introduced in: 9.0.0 Fixed in: 9.5.4
Fix composer require typo3/cms-fluid:^9.5.4

References