TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1.
References
Link | Resource |
---|---|
https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x79j-wgqv-g8h2 | Third Party Advisory |
https://packagist.org/packages/typo3/cms-form | Release Notes Third Party Advisory |
https://typo3.org/security/advisory/typo3-core-sa-2021-004 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
26 Mar 2021, 18:24
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://packagist.org/packages/typo3/cms-form - Release Notes, Third Party Advisory | |
References | (CONFIRM) https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x79j-wgqv-g8h2 - Third Party Advisory | |
References | (MISC) https://typo3.org/security/advisory/typo3-core-sa-2021-004 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 5.4 |
References | (MISC) https://packagist.org/packages/typo3/cms-form - Release Notes, Third Party Advisory | |
References | (CONFIRM) https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x79j-wgqv-g8h2 - Third Party Advisory | |
References | (MISC) https://typo3.org/security/advisory/typo3-core-sa-2021-004 - Vendor Advisory | |
CPE | cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:* | |
References | (MISC) https://packagist.org/packages/typo3/cms-form - Release Notes, Third Party Advisory | |
References | (CONFIRM) https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x79j-wgqv-g8h2 - Third Party Advisory | |
References | (MISC) https://typo3.org/security/advisory/typo3-core-sa-2021-004 - Vendor Advisory | |
References | (MISC) https://packagist.org/packages/typo3/cms-form - Release Notes, Third Party Advisory | |
References | (CONFIRM) https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x79j-wgqv-g8h2 - Third Party Advisory | |
References | (MISC) https://typo3.org/security/advisory/typo3-core-sa-2021-004 - Vendor Advisory | |
CPE | cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 5.4 |
References | (MISC) https://packagist.org/packages/typo3/cms-form - Release Notes, Third Party Advisory | |
References | (CONFIRM) https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x79j-wgqv-g8h2 - Third Party Advisory | |
References | (MISC) https://typo3.org/security/advisory/typo3-core-sa-2021-004 - Vendor Advisory | |
References | (MISC) https://packagist.org/packages/typo3/cms-form - Release Notes, Third Party Advisory | |
References | (CONFIRM) https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x79j-wgqv-g8h2 - Third Party Advisory | |
References | (MISC) https://typo3.org/security/advisory/typo3-core-sa-2021-004 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 5.4 |
CPE | cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:* | |
References | (MISC) https://packagist.org/packages/typo3/cms-form - Release Notes, Third Party Advisory | |
References | (CONFIRM) https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x79j-wgqv-g8h2 - Third Party Advisory | |
References | (MISC) https://typo3.org/security/advisory/typo3-core-sa-2021-004 - Vendor Advisory | |
CPE | cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 5.4 |
CPE | cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:* | |
References | (MISC) https://packagist.org/packages/typo3/cms-form - Release Notes, Third Party Advisory | |
References | (CONFIRM) https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x79j-wgqv-g8h2 - Third Party Advisory | |
References | (MISC) https://typo3.org/security/advisory/typo3-core-sa-2021-004 - Vendor Advisory | |
CPE | cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 5.4 |
References | (MISC) https://packagist.org/packages/typo3/cms-form - Release Notes, Third Party Advisory | |
References | (CONFIRM) https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x79j-wgqv-g8h2 - Third Party Advisory | |
References | (MISC) https://typo3.org/security/advisory/typo3-core-sa-2021-004 - Vendor Advisory | |
CPE | cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:* | |
References | (MISC) https://packagist.org/packages/typo3/cms-form - Release Notes, Third Party Advisory | |
References | (CONFIRM) https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x79j-wgqv-g8h2 - Third Party Advisory | |
References | (MISC) https://typo3.org/security/advisory/typo3-core-sa-2021-004 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 5.4 |
CPE | cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:* | |
CPE | cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 5.4 |
References | (MISC) https://packagist.org/packages/typo3/cms-form - Release Notes, Third Party Advisory | |
References | (CONFIRM) https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x79j-wgqv-g8h2 - Third Party Advisory | |
References | (MISC) https://typo3.org/security/advisory/typo3-core-sa-2021-004 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 5.4 |
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 5.4 |
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 5.4 |
References | (MISC) https://packagist.org/packages/typo3/cms-form - Release Notes, Third Party Advisory | |
References | (CONFIRM) https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x79j-wgqv-g8h2 - Third Party Advisory | |
References | (MISC) https://typo3.org/security/advisory/typo3-core-sa-2021-004 - Vendor Advisory | |
CPE | cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:* | |
References | (MISC) https://packagist.org/packages/typo3/cms-form - Release Notes, Third Party Advisory | |
References | (CONFIRM) https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x79j-wgqv-g8h2 - Third Party Advisory | |
References | (MISC) https://typo3.org/security/advisory/typo3-core-sa-2021-004 - Vendor Advisory | |
CPE | cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 5.4 |
CPE | cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 5.4 |
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 5.4 |
CPE | cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:* | |
CPE | cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 5.4 |
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 5.4 |
CPE | cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:* | |
References | (MISC) https://packagist.org/packages/typo3/cms-form - Release Notes, Third Party Advisory | |
References | (CONFIRM) https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x79j-wgqv-g8h2 - Third Party Advisory | |
References | (MISC) https://typo3.org/security/advisory/typo3-core-sa-2021-004 - Vendor Advisory | |
References | (MISC) https://packagist.org/packages/typo3/cms-form - Release Notes, Third Party Advisory | |
References | (CONFIRM) https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x79j-wgqv-g8h2 - Third Party Advisory | |
References | (MISC) https://typo3.org/security/advisory/typo3-core-sa-2021-004 - Vendor Advisory |
23 Mar 2021, 12:50
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CPE | ||
CPE | ||
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CPE | ||
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
CPE | ||
CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
23 Mar 2021, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-03-23 02:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-21358
Mitre link : CVE-2021-21358
CVE.ORG link : CVE-2021-21358
JSON object : View
Products Affected
typo3
- typo3
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')