VYPR

Packagist (Composer) package

typo3fluid/fluid

pkg:composer/typo3fluid/fluid

Vulnerabilities (2)

  • CVE-2020-26216Nov 17, 2020
    affected >= 2.0.0, < 2.0.8fixed 2.0.8

    TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 and 2.6.10 is vulnerable to Cross-Site Scripting. Three XSS vulnerabilities have been detected in Fluid: 1. TagBasedViewHelper allowed XSS through maliciously crafted additionalAttributes arrays by creating key

  • CVE-2020-15241Oct 8, 2020
    affected >= 2.0.0, < 2.0.5fixed 2.0.5

    TYPO3 Fluid Engine (package `typo3fluid/fluid`) before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like `{showFullName ? fullName : defaultValue}`. Updated versio