← back
CVE-2020-11065

Cross-Site Scripting in TYPO3 CMS

CVSS 5.4 MEDIUMEPSS 0.5%CWE-79
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.4EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
13 May 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and greater than or equal to 10.2.0 and less than 10.4.2, it has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting; properties being assigned as HTML attributes have not been parsed correctly. This has been fixed in 9.5.17 and 10.4.2.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected products
TYPO3 · TYPO3 CMS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4j77-gg36-9864