VYPR
Moderate severityNVD Advisory· Published Apr 27, 2021· Updated Aug 3, 2024

Cross-Site Scripting in Content Rendering

CVE-2021-21365

Description

Bootstrap Package is a theme for TYPO3. It has been discovered that rendering content in the website frontend is vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. Users of the extension, who have overwritten the affected templates with custom code must manually apply the security fix. Update to version 7.1.2, 8.0.8, 9.1.4, 10.0.10 or 11.0.3 of the Bootstrap Package that fix the problem described. Updated version are available from the TYPO3 extension manager, Packagist and at https://extensions.typo3.org/extension/download/bootstrap_package/.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
bk2k/bootstrap-packagePackagist
>= 7.1.0, < 7.1.27.1.2
bk2k/bootstrap-packagePackagist
>= 8.0.0, < 8.0.88.0.8
bk2k/bootstrap-packagePackagist
>= 9.0.0, < 9.0.49.0.4
bk2k/bootstrap-packagePackagist
>= 9.1.0, < 9.1.39.1.3
bk2k/bootstrap-packagePackagist
>= 10.0.0, < 10.0.1010.0.10
bk2k/bootstrap-packagePackagist
>= 11.0.0, < 11.0.311.0.3

Affected products

3

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.