CVE-2021-21358

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-21358

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21358.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-21358

Aliases

Published

2021-03-23T02:15:12Z

Modified

2024-06-06T13:25:08.049234Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1.

References

Affected packages

Git / github.com/typo3/typo3.cms

Affected ranges

Type: GIT
Repo: https://github.com/typo3/typo3.cms
Events: Introduced

6a5e2d4097ef0a0e3ea955af93cf83810d6fa234

Fixed

67471a2b5bf30acc0225fa0860e882c056c60547

Affected versions

v11.*

v11.0.0

v11.1.0