TYPO3 Cross-Site Scripting in Filelist Module
Moderate severity
GitHub Reviewed
Published
Jun 7, 2024
to the GitHub Advisory Database
•
Updated Jun 7, 2024
Package
Affected versions
>= 10.0.0, < 10.2.1
>= 8.0.0, < 8.7.30
>= 9.0.0, < 9.5.12
Patched versions
10.2.1
8.7.30
9.5.12
Description
Published to the GitHub Advisory Database
Jun 7, 2024
Reviewed
Jun 7, 2024
Last updated
Jun 7, 2024
It has been discovered that the output table listing in the “Files” backend module is vulnerable to cross-site scripting when a file extension contains malicious sequences.
Access to the file system of the server - either directly or through synchronization - is required to exploit the vulnerability.
References