VYPR
Moderate severityNVD Advisory· Published Nov 23, 2020· Updated Aug 4, 2024

Cross-Site Scripting in Fluid view helpers

CVE-2020-26227

Description

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 the system extension Fluid (typo3/cms-fluid) of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
typo3/cms-corePackagist
>= 9.0.0, < 9.5.239.5.23
typo3/cms-corePackagist
>= 10.0.0, < 10.4.1010.4.10
typo3/cms-corePackagist
>= 8.7.0, < 8.7.388.7.38
typo3/cmsPackagist
>= 10.0.0, < 10.4.1010.4.10
typo3/cmsPackagist
>= 9.0.0, < 9.5.239.5.23
typo3/cmsPackagist
>= 8.7.0, < 8.7.388.7.38

Affected products

4

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.