{"id":"GHSA-5gr6-97fv-52cc","summary":"Cross-Site Scripting in TYPO3 CMS","details":"Failing to properly encode user input, several places of the TYPO3 CMS are vulnerable to Cross-Site Scripting.","modified":"2024-12-02T05:41:05.452176Z","published":"2024-06-05T17:05:47Z","database_specific":{"severity":"MODERATE","nvd_published_at":null,"github_reviewed_at":"2024-06-05T17:05:47Z","github_reviewed":true,"cwe_ids":["CWE-79"]},"references":[{"type":"WEB","url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2017-02-28-2.yaml"},{"type":"PACKAGE","url":"https://github.com/TYPO3/typo3"},{"type":"WEB","url":"https://typo3.org/security/advisory/typo3-core-sa-2017-003"}],"affected":[{"package":{"name":"typo3/cms","ecosystem":"Packagist","purl":"pkg:composer/typo3/cms"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"7.6.0"},{"fixed":"7.6.16"}]}],"versions":["7.6.0","7.6.1","7.6.10","7.6.11","7.6.12","7.6.13","7.6.14","7.6.15","7.6.2","7.6.3","7.6.4","7.6.5","7.6.6","7.6.7","7.6.8","7.6.9"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-5gr6-97fv-52cc/GHSA-5gr6-97fv-52cc.json"}},{"package":{"name":"typo3/cms","ecosystem":"Packagist","purl":"pkg:composer/typo3/cms"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.0.0"},{"fixed":"8.6.1"}]}],"versions":["8.0.0","8.0.1","8.1.0","8.1.1","8.1.2","8.2.0","8.2.1","8.3.0","8.3.1","8.4.0","8.4.1","8.5.0","8.5.1","8.6.0"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-5gr6-97fv-52cc/GHSA-5gr6-97fv-52cc.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}]}