CVE-2019-12748
Description
TYPO3 versions 8.3.0-8.7.26 and 9.0.0-9.5.7 are vulnerable to cross-site scripting (XSS) attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
TYPO3 versions 8.3.0-8.7.26 and 9.0.0-9.5.7 are vulnerable to cross-site scripting (XSS) attacks.
CVE-2019-12748 is a cross-site scripting (XSS) vulnerability in TYPO3 versions 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 [1]. The vulnerability arises from insufficient input sanitization, allowing an attacker to inject malicious scripts.
Exploitation can be achieved by sending crafted input that bypasses the application's filtering mechanisms. The attack does not require authentication if the attacker can trick a user into interacting with a malicious link or content [1].
Successful XSS can lead to arbitrary script execution in the victim's browser, potentially resulting in data theft, session hijacking, or site defacement.
TYPO3 has addressed this issue in security advisory TYPO3-CORE-SA-2019-015 [2]. Users are advised to update to the latest patched versions to mitigate the risk.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
typo3/cms-corePackagist | >= 8.0.0, < 8.7.27 | 8.7.27 |
typo3/cms-corePackagist | >= 9.0.0, < 9.5.8 | 9.5.8 |
typo3/cmsPackagist | >= 8.0.0, < 8.7.27 | 8.7.27 |
typo3/cmsPackagist | >= 9.0.0, < 9.5.8 | 9.5.8 |
Affected products
3- TYPO3/TYPO3description
- ghsa-coords2 versions
>= 8.0.0, < 8.7.27+ 1 more
- (no CPE)range: >= 8.0.0, < 8.7.27
- (no CPE)range: >= 8.0.0, < 8.7.27
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
7- github.com/advisories/GHSA-r6fv-56gp-j3r4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-12748ghsaADVISORY
- github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-12748.yamlghsaWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-12748.yamlghsaWEB
- typo3.org/cms/release-news/typo3-8-release-notesghsaWEB
- typo3.org/security/advisory/typo3-core-sa-2019-015ghsaWEB
- typo3.org/security/advisory/typo3-core-sa-2019-015/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.