CVE-2020-26227: Cross-site Scripting

November 23, 2020 (updated December 1, 2020)

TYPO3 is an open source PHP based web content management system. In TYPO3 the system extension Fluid (typo3/cms-fluid) of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers.

References

nvd.nist.gov/vuln/detail/CVE-2020-26227
typo3.org/security/advisory/typo3-core-sa-2020-010

Code Behaviors & Features

Detect and mitigate CVE-2020-26227 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →