CVE-2021-21370

Summary

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that content elements of type menu are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1.

Affected Software

VendorProductVersion RangeStatus
TYPO3TYPO3.CMS>= 7.0.0, <= 7.6.50affected
TYPO3TYPO3.CMS>= 8.0.0, <= 8.7.39affected
TYPO3TYPO3.CMS>= 9.0.0, <= 9.5.24affected
TYPO3TYPO3.CMS>= 10.0.0, <= 10.4.13affected
TYPO3TYPO3.CMS>= 11.0.0, <= 11.1.0affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References