CVE-2021-32667
Last modified
CVE-2021-32667 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. EPSS estimates a 0.60% chance of exploitation in the next 30 days.
Description
TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When _Page TSconfig_ settings are not properly encoded, corresponding page preview module (_Web>View_) is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this issue.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Typo3 | Typo3 | >= 9.0.0, <= 9.5.287 |
| Typo3 | Typo3 | >= 10.0.0, <= 10.4.17 |
| Typo3 | Typo3 | >= 11.0.0, <= 11.3.0 |
References
- https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-8mq9-fqv8-59wfThird Party Advisory
- https://typo3.org/security/advisory/typo3-core-sa-2021-009Vendor Advisory
- https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-8mq9-fqv8-59wfThird Party Advisory
- https://typo3.org/security/advisory/typo3-core-sa-2021-009Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-32667?
How severe is CVE-2021-32667?
How do I fix CVE-2021-32667?
Are you affected by CVE-2021-32667?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST