GHSA-4h5c-5g25-v7fh: TYPO3 Cross-Site Scripting in Form Framework
Failing to properly encode user input, frontend forms handled by the form framework (system extension “form”) are vulnerable to cross-site scripting.
References
- github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-01-22-6.yaml
- github.com/TYPO3/typo3
- github.com/TYPO3/typo3/commit/79528f75e23c2832db321f36d777c1427553f764
- github.com/TYPO3/typo3/commit/a0c4348188559596f292ea03983171bde29d9870
- github.com/advisories/GHSA-4h5c-5g25-v7fh
- typo3.org/security/advisory/typo3-core-sa-2019-007
Detect and mitigate GHSA-4h5c-5g25-v7fh with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →