CVE-2023-26091

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/frappant/frp-form-answers

Identifiers

GHSA-q3r2-23r8-wqr9, CVE-2023-26091

Package Slug

packagist/frappant/frp-form-answers

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

The frpformanswers (aka Forms Export) extension before 3.1.2, and 4.x before 4.0.2, for TYPO3 allows XSS via saved emails.

Affected Versions

All versions before 3.1.2, all versions starting from 4.0.0 before 4.0.2

Solution

Upgrade to versions 3.1.2, 4.0.2 or above.

Last Modified

2023-03-09

source