CVE-2018-6905
N/A
N/A
Summary
The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], as demonstrated by an admin entering a crafted site name during the installation process.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://forge.typo3.org/issues/84191
- http://www.securitytracker.com/id/1040755
- https://github.com/pradeepjairamani/TYPO3-XSS-POC
References
- https://forge.typo3.org/issues/84191
- http://www.securitytracker.com/id/1040755
- https://github.com/pradeepjairamani/TYPO3-XSS-POC
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.