CVE-2023-28604: Fluid Components TYPO3 extension vulnerable to Cross-Site Scripting
(updated )
All versions of Fluid Components before 3.5.0 were susceptible to Cross-Site Scripting. Version 3.5.0 of the extension fixes this issue. Due to the nature of the problem, some changes in your project’s Fluid templates might be necessary to prevent unwanted double-escaping of HTML markup.
References
- github.com/FriendsOfPHP/security-advisories/blob/master/sitegeist/fluid-components/CVE-2023-28604.yaml
- github.com/advisories/GHSA-8648-h559-8h42
- github.com/sitegeist/fluid-components
- github.com/sitegeist/fluid-components/blob/master/Documentation/XssIssue.md
- nvd.nist.gov/vuln/detail/CVE-2023-28604
- typo3.org/security/advisory/typo3-ext-sa-2023-003
Detect and mitigate CVE-2023-28604 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →