BIT-typo3-2022-31048

Import Source

https://github.com/bitnami/vulndb/tree/main/data/typo3/BIT-typo3-2022-31048.json

Aliases

CVE-2022-31048
GHSA-3r95-23jp-mhvg

Published

2024-03-06T11:09:29.481Z

Modified

2024-03-06T11:25:28.861Z

Details

TYPO3 is an open source web content management system. Prior to versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. TYPO3 versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem.

References

https://github.com/TYPO3/typo3/commit/6f2554dc4ea0b670fd5599c54fd788d4db96c4a0
https://github.com/TYPO3/typo3/security/advisories/GHSA-3r95-23jp-mhvg
https://typo3.org/security/advisory/typo3-core-sa-2022-003

Affected packages

Bitnami / typo3

Package

Name: typo3

Affected ranges

Type: SEMVER
Events: Introduced

8.0.0

Fixed

8.7.47

Introduced

9.0.0

Fixed

9.5.35

Introduced

10.0.0

Fixed

10.4.29

Introduced

11.0.0

Fixed

11.5.11