GHSA-v8m4-3w37-ghxx: TYPO3 Cross-Site Scripting in Form Framework validation handling
It has been discovered that the output of field validation errors in the Form Framework is vulnerable to cross-site scripting.
References
- github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-12-17-1.yaml
- github.com/TYPO3/typo3
- github.com/TYPO3/typo3/commit/966a0038c16c04d484c1703fba9fdc13f3e7a95c
- github.com/TYPO3/typo3/commit/9692bf83f8310cca17c9a968c4fe92ffe0deb59d
- github.com/TYPO3/typo3/commit/e971b012c837f1e64c1498b567ef6eec304febe5
- github.com/advisories/GHSA-v8m4-3w37-ghxx
- typo3.org/security/advisory/typo3-core-sa-2019-021
Detect and mitigate GHSA-v8m4-3w37-ghxx with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →