CVE-2021-21340

Summary

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that database fields used as descriptionColumn are vulnerable to cross-site scripting when their content gets previewed. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1 .

Affected Software

VendorProductVersion RangeStatus
TYPO3TYPO3.CMS>= 10.0.0, <= 10.4.13affected
TYPO3TYPO3.CMS>= 11.0.0, <= 11.1.0affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References