VYPR
Moderate severityNVD Advisory· Published Mar 23, 2021· Updated Aug 3, 2024

Cross-Site Scripting in Content Preview

CVE-2021-21340

Description

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that database fields used as _descriptionColumn_ are vulnerable to cross-site scripting when their content gets previewed. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1 .

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
typo3/cms-backendPackagist
>= 10.0.0, < 10.4.1410.4.14
typo3/cms-backendPackagist
>= 11.0.0, < 11.1.111.1.1
typo3/cms-corePackagist
>= 10.0.0, < 10.4.1410.4.14
typo3/cms-corePackagist
>= 11.0.0, < 11.1.111.1.1
typo3/cmsPackagist
>= 10.0.0, < 10.4.1410.4.14
typo3/cmsPackagist
>= 11.0.0, < 11.1.111.1.1

Affected products

5

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.