Moderate severityNVD Advisory· Published Dec 12, 2023· Updated Oct 28, 2024

CVE-2023-28604

Description

The fluid_components (aka Fluid Components) extension before 3.5.0 for TYPO3 allows XSS via a component argument parameter, for certain {content} use cases that may be edge cases.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
sitegeist/fluid-componentsPackagist	< 3.5.0	3.5.0

Affected products

ghsa-coords
pkg:composer/sitegeist/fluid-components
Range: < 3.5.0

Patches

Vulnerability mechanics

References

github.com/advisories/GHSA-8648-h559-8h42ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2023-28604ghsaADVISORY
github.com/FriendsOfPHP/security-advisories/blob/master/sitegeist/fluid-components/CVE-2023-28604.yamlghsaWEB
github.com/sitegeist/fluid-components/blob/master/Documentation/XssIssue.mdghsaWEB
typo3.org/security/advisory/typo3-ext-sa-2023-003ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000