CVE-2021-21370
packagist/typo3/cms-core
Cross-site Scripting
TYPO3 content elements of type _menu_
are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability.
All versions starting from 7.0.0 before 7.6.51, all versions starting from 8.0.0 before 8.7.40, all versions starting from 9.0.0 before 9.5.25, all versions starting from 10.0.0 before 10.4.14, all versions starting from 11.0.0 before 11.1.1
Upgrade to versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 or above.
2021-03-29
source |