GHSA-m8fw-p3cr-6jqc

Suggest an improvement
Source
https://github.com/advisories/GHSA-m8fw-p3cr-6jqc
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-m8fw-p3cr-6jqc/GHSA-m8fw-p3cr-6jqc.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-m8fw-p3cr-6jqc
Aliases
Published
2023-07-25T19:11:43Z
Modified
2024-12-05T05:43:33.491197Z
Severity
  • 4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Cross-Site Scripting in CKEditor4 WordCount Plugin
Details

CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C (4.4)

Problem

The WordCount plugin (npm:ckeditor-wordcount-plugin) for CKEditor4 is vulnerable to cross-site scripting when switching to the source code mode. This plugin is enabled via the Full.yaml configuration present, but is not active in the default configuration.

In default scenarios, exploiting this vulnerability requires a valid backend user account. However, if custom plugins are used on the website frontend, which accept and reflect rich-text content submitted by users, no authentication is required.

Solution

Update to TYPO3 versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30 that fix the problem described above.

Credits

Thanks to Sybille Peters who reported this issue, and to TYPO3 core & security team member Oliver Hader who fixed the issue.

References

  • TYPO3-CORE-SA-2023-004
  • https://github.com/w8tcha/CKEditor-WordCount-Plugin/security/advisories/GHSA-q9w4-w667-qqj4
Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-25T19:11:43Z"
}
References

Affected packages

Packagist / typo3/cms-rte-ckeditor

Package

Name
typo3/cms-rte-ckeditor
Purl
pkg:composer/typo3/cms-rte-ckeditor

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9.5.0
Fixed
9.5.42

Affected versions

v9.*

v9.5.0
v9.5.1
v9.5.2
v9.5.3
v9.5.4
v9.5.5
v9.5.6
v9.5.7
v9.5.8
v9.5.9
v9.5.10
v9.5.11
v9.5.12
v9.5.13
v9.5.14
v9.5.15
v9.5.16
v9.5.17
v9.5.18
v9.5.19
v9.5.20
v9.5.21
v9.5.22
v9.5.23
v9.5.24
v9.5.25
v9.5.26
v9.5.27
v9.5.28
v9.5.29
v9.5.30
v9.5.31

Packagist / typo3/cms-rte-ckeditor

Package

Name
typo3/cms-rte-ckeditor
Purl
pkg:composer/typo3/cms-rte-ckeditor

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10.0.0
Fixed
10.4.39

Affected versions

v10.*

v10.0.0
v10.1.0
v10.2.0
v10.2.1
v10.2.2
v10.3.0
v10.4.0
v10.4.1
v10.4.2
v10.4.3
v10.4.4
v10.4.5
v10.4.6
v10.4.7
v10.4.8
v10.4.9
v10.4.10
v10.4.11
v10.4.12
v10.4.13
v10.4.14
v10.4.15
v10.4.16
v10.4.17
v10.4.18
v10.4.19
v10.4.20
v10.4.21
v10.4.22
v10.4.23
v10.4.24
v10.4.25
v10.4.26
v10.4.27
v10.4.28
v10.4.29
v10.4.30
v10.4.31
v10.4.32
v10.4.33
v10.4.34
v10.4.36
v10.4.37

Packagist / typo3/cms-rte-ckeditor

Package

Name
typo3/cms-rte-ckeditor
Purl
pkg:composer/typo3/cms-rte-ckeditor

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11.0.0
Fixed
11.5.30

Affected versions

v11.*

v11.0.0
v11.1.0
v11.1.1
v11.2.0
v11.3.0
v11.3.1
v11.3.2
v11.3.3
v11.4.0
v11.5.0
v11.5.1
v11.5.2
v11.5.3
v11.5.4
v11.5.5
v11.5.6
v11.5.7
v11.5.8
v11.5.9
v11.5.10
v11.5.11
v11.5.12
v11.5.13
v11.5.14
v11.5.15
v11.5.16
v11.5.17
v11.5.18
v11.5.19
v11.5.20
v11.5.21
v11.5.22
v11.5.23
v11.5.24
v11.5.25
v11.5.26
v11.5.27
v11.5.28
v11.5.29