All link fields within the TYPO3 installation are vulnerable to Cross-Site Scripting as authorized editors can insert data commands by using the url scheme "data:".
{ "github_reviewed_at": "2024-06-05T15:04:23Z", "severity": "MODERATE", "cwe_ids": [ "CWE-79" ], "github_reviewed": true, "nvd_published_at": null }