CVE-2025-48203: [clickstorm] SEO (cs_seo) TYPO3 extension Cross-site Scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in the [clickstorm] SEO (cs_seo) TYPO3 extension allows backend users to execute arbitrary script via the JSON-LD output.
References
- github.com/FriendsOfPHP/security-advisories/blob/master/clickstorm/cs-seo/CVE-2025-48203.yaml
- github.com/advisories/GHSA-6p8w-pc35-mqv8
- github.com/clickstorm/cs_seo
- github.com/clickstorm/cs_seo/commit/1cf6c40821102b1f1508fe4e76825569340c8f90
- nvd.nist.gov/vuln/detail/CVE-2025-48203
- typo3.org/security/advisory/typo3-ext-sa-2025-005
Code Behaviors & Features
Detect and mitigate CVE-2025-48203 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →