GHSA-8648-h559-8h42

Source

https://github.com/advisories/GHSA-8648-h559-8h42

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-8648-h559-8h42/GHSA-8648-h559-8h42.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-8648-h559-8h42

Aliases

CVE-2023-28604

Published

2023-03-27T21:48:40Z

Modified

2024-10-29T14:47:35.314966Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Fluid Components TYPO3 extension vulnerable to Cross-Site Scripting

Details

All versions of Fluid Components before 3.5.0 were susceptible to Cross-Site Scripting. Version 3.5.0 of the extension fixes this issue. Due to the nature of the problem, some changes in your project's Fluid templates might be necessary to prevent unwanted double-escaping of HTML markup.

Database specific

{
    "nvd_published_at": "2023-12-12T17:15:07Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-03-27T21:48:40Z"
}

References

Affected packages

Packagist / sitegeist/fluid-components

Package

Name: sitegeist/fluid-components
Purl: pkg:composer/sitegeist/fluid-components

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.5.0

Affected versions

v1.*

v1.0.0

1.*

1.0.1

1.1.0

1.1.1

1.1.2

1.2.0

1.3.0

2.*

2.0.0

2.0.1

2.1.0

2.2.0

2.3.0

2.4.0

2.4.1

2.5.0

2.5.1

3.*

3.0.0

3.1.0

3.1.1

3.2.0

3.3.0

3.4.0

3.4.1

3.4.2

3.4.3