CVE-2020-26227
- Source
- https://cve.org/CVERecord?id=CVE-2020-26227
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-26227.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-26227
- Aliases
- Published
- 2020-11-23T21:15:12.047Z
- Modified
- 2026-03-10T23:31:10.851951835Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 the system extension Fluid (typo3/cms-fluid) of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described.
- References
Affected packages
Git / github.com/typo3/typo3.cms
Affected versions
v10.*
v10.0.0
v10.1.0
v10.2.0
v10.3.0
v10.4.0
v10.4.1
v10.4.2
v10.4.3
v10.4.4
v10.4.5
v10.4.6
v10.4.7
v10.4.8
v10.4.9
v9.*
v9.0.0
v9.1.0
v9.2.0
v9.3.0
v9.4.0
v9.5.0
v9.5.1
v9.5.10
v9.5.11
v9.5.12
v9.5.13
v9.5.14
v9.5.15
v9.5.16
v9.5.17
v9.5.18
v9.5.19
v9.5.2
v9.5.20
v9.5.21
v9.5.22
v9.5.3
v9.5.4
v9.5.5
v9.5.6
v9.5.7
v9.5.8
v9.5.9
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-26227.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "6.2.0"
},
{
"fixed": "6.2.54"
}
]
},
{
"events": [
{
"introduced": "7.6.0"
},
{
"fixed": "7.6.48"
}
]
},
{
"events": [
{
"introduced": "8.7.0"
},
{
"fixed": "8.7.38"
}
]
}
]