{"id":"GHSA-85ch-44w7-rf32","summary":"TYPO3 Cross-Site Scripting in Fluid ViewHelpers","details":"Because user input is not properly encoded, templates that use built-in Fluid ViewHelpers are vulnerable to cross-site scripting.","modified":"2024-12-04T05:40:50.491184Z","published":"2024-06-07T17:08:39Z","database_specific":{"nvd_published_at":null,"severity":"MODERATE","github_reviewed":true,"cwe_ids":["CWE-79"],"github_reviewed_at":"2024-06-07T17:08:39Z"},"references":[{"type":"WEB","url":"https://github.com/TYPO3/typo3/commit/732c4acfaeaa7fd193674cd4d1ca7e369e21b96f"},{"type":"WEB","url":"https://github.com/TYPO3/typo3/commit/c94f566514eaff62dd836541c99b438ac55f6842"},{"type":"WEB","url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-01-22-4.yaml"},{"type":"PACKAGE","url":"https://github.com/TYPO3/typo3"},{"type":"WEB","url":"https://typo3.org/security/advisory/typo3-core-sa-2019-005"}],"affected":[{"package":{"name":"typo3/cms","ecosystem":"Packagist","purl":"pkg:composer/typo3/cms"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.0.0"},{"fixed":"8.7.23"}]}],"versions":["8.0.0","8.0.1","8.1.0","8.1.1","8.1.2","8.2.0","8.2.1","8.3.0","8.3.1","8.4.0","8.4.1","8.5.0","8.5.1","8.6.0","8.6.1","8.7.0","8.7.1","8.7.2","v8.7.10","v8.7.11","v8.7.12","v8.7.13","v8.7.14","v8.7.15","v8.7.16","v8.7.17","v8.7.18","v8.7.19","v8.7.20","v8.7.21","v8.7.22","v8.7.3","v8.7.4","v8.7.5","v8.7.6","v8.7.7","v8.7.8","v8.7.9"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-85ch-44w7-rf32/GHSA-85ch-44w7-rf32.json"}},{"package":{"name":"typo3/cms","ecosystem":"Packagist","purl":"pkg:composer/typo3/cms"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"9.0.0"},{"fixed":"9.5.4"}]}],"versions":["v9.0.0","v9.1.0","v9.2.0","v9.2.1","v9.3.0","v9.3.1","v9.3.2","v9.3.3","v9.4.0","v9.5.0","v9.5.1","v9.5.2","v9.5.3"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-85ch-44w7-rf32/GHSA-85ch-44w7-rf32.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}