GHSA-xgmx-j3hv-jh9x: TYPO3 Cross-Site Scripting in Link Handling
It has been discovered that t3:// URL handling and typolink functionality are vulnerable to cross-site scripting. Not only regular backend forms are affected but also frontend extensions which use the rendering with typolink.
References
- github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-12-17-2.yaml
- github.com/TYPO3/typo3
- github.com/TYPO3/typo3/commit/25f796b94e23bac77e836bd38f53ce998c094901
- github.com/TYPO3/typo3/commit/64db88b9b61bb67b3b44145dc8e0e1ef251da45e
- github.com/TYPO3/typo3/commit/a35c42e9bcb020e16016d1c146354513a9856bc0
- github.com/advisories/GHSA-xgmx-j3hv-jh9x
- typo3.org/security/advisory/typo3-core-sa-2019-022
Detect and mitigate GHSA-xgmx-j3hv-jh9x with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →