Moderate severityNVD Advisory· Published Feb 26, 2023· Updated Mar 11, 2025
CVE-2023-26091
CVE-2023-26091
Description
The frp_form_answers (aka Forms Export) extension before 3.1.2, and 4.x before 4.0.2, for TYPO3 allows XSS via saved emails.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
frappant/frp-form-answersPackagist | < 3.1.2 | 3.1.2 |
frappant/frp-form-answersPackagist | >= 4.0.0, < 4.0.2 | 4.0.2 |
Affected products
2- TYPO3/Forms Exportdescription
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
6- github.com/advisories/GHSA-q3r2-23r8-wqr9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-26091ghsaADVISORY
- github.com/FriendsOfPHP/security-advisories/blob/master/frappant/frp-form-answers/CVE-2023-26091.yamlghsaWEB
- github.com/frappant/frp_form_answers/commit/39fa16c8c792abdfc33e38bae17847364ff6a71dghsaWEB
- typo3.org/help/security-advisoriesghsaWEB
- typo3.org/security/advisory/typo3-ext-sa-2023-002ghsaWEB
News mentions
0No linked articles in our index yet.