CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-15241

TYPO3 Fluid Engine (package `typo3fluid/fluid`) before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like `{showFullName ? fullName : defaultValue}`. Updated versions of this package are bundled in following TYPO3 (`typo3/cms-core`) versions as well: TYPO3 v8.7.25 (using `typo3fluid/fluid` v2.5.4) and TYPO3 v9.5.6 (using `typo3fluid/fluid` v2.6.1).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 56.0%

CVSS Severity

CVSS v3 Score 4.7

CVSS v2 Score 4.3

References

Products affected by CVE-2020-15241

Typo3 » Fluid Engine » Version: 1.0.0

cpe:2.3:a:typo3:fluid_engine:1.0.0
Typo3 » Fluid Engine » Version: 1.0.1

cpe:2.3:a:typo3:fluid_engine:1.0.1
Typo3 » Fluid Engine » Version: 1.0.10

cpe:2.3:a:typo3:fluid_engine:1.0.10
Typo3 » Fluid Engine » Version: 1.0.11

cpe:2.3:a:typo3:fluid_engine:1.0.11
Typo3 » Fluid Engine » Version: 1.0.2

cpe:2.3:a:typo3:fluid_engine:1.0.2
Typo3 » Fluid Engine » Version: 1.0.3

cpe:2.3:a:typo3:fluid_engine:1.0.3
Typo3 » Fluid Engine » Version: 1.0.4

cpe:2.3:a:typo3:fluid_engine:1.0.4
Typo3 » Fluid Engine » Version: 1.0.5

cpe:2.3:a:typo3:fluid_engine:1.0.5
Typo3 » Fluid Engine » Version: 1.0.6

cpe:2.3:a:typo3:fluid_engine:1.0.6
Typo3 » Fluid Engine » Version: 1.0.7

cpe:2.3:a:typo3:fluid_engine:1.0.7
Typo3 » Fluid Engine » Version: 1.0.8

cpe:2.3:a:typo3:fluid_engine:1.0.8
Typo3 » Fluid Engine » Version: 1.0.9

cpe:2.3:a:typo3:fluid_engine:1.0.9
Typo3 » Fluid Engine » Version: 1.1.0

cpe:2.3:a:typo3:fluid_engine:1.1.0
Typo3 » Fluid Engine » Version: 1.1.1

cpe:2.3:a:typo3:fluid_engine:1.1.1
Typo3 » Fluid Engine » Version: 1.1.2

cpe:2.3:a:typo3:fluid_engine:1.1.2
Typo3 » Fluid Engine » Version: 2.0.0

cpe:2.3:a:typo3:fluid_engine:2.0.0
Typo3 » Fluid Engine » Version: 2.0.1

cpe:2.3:a:typo3:fluid_engine:2.0.1
Typo3 » Fluid Engine » Version: 2.0.2

cpe:2.3:a:typo3:fluid_engine:2.0.2
Typo3 » Fluid Engine » Version: 2.0.3

cpe:2.3:a:typo3:fluid_engine:2.0.3
Typo3 » Fluid Engine » Version: 2.0.4

cpe:2.3:a:typo3:fluid_engine:2.0.4
Typo3 » Fluid Engine » Version: 2.1.0

cpe:2.3:a:typo3:fluid_engine:2.1.0
Typo3 » Fluid Engine » Version: 2.1.1

cpe:2.3:a:typo3:fluid_engine:2.1.1
Typo3 » Fluid Engine » Version: 2.1.2

cpe:2.3:a:typo3:fluid_engine:2.1.2
Typo3 » Fluid Engine » Version: 2.1.3

cpe:2.3:a:typo3:fluid_engine:2.1.3
Typo3 » Fluid Engine » Version: 2.2.0

cpe:2.3:a:typo3:fluid_engine:2.2.0
Typo3 » Fluid Engine » Version: 2.3.0

cpe:2.3:a:typo3:fluid_engine:2.3.0
Typo3 » Fluid Engine » Version: 2.3.1

cpe:2.3:a:typo3:fluid_engine:2.3.1
Typo3 » Fluid Engine » Version: 2.3.2

cpe:2.3:a:typo3:fluid_engine:2.3.2
Typo3 » Fluid Engine » Version: 2.3.3

cpe:2.3:a:typo3:fluid_engine:2.3.3
Typo3 » Fluid Engine » Version: 2.3.4

cpe:2.3:a:typo3:fluid_engine:2.3.4
Typo3 » Fluid Engine » Version: 2.4.0

cpe:2.3:a:typo3:fluid_engine:2.4.0
Typo3 » Fluid Engine » Version: 2.5.0

cpe:2.3:a:typo3:fluid_engine:2.5.0
Typo3 » Fluid Engine » Version: 2.5.1

cpe:2.3:a:typo3:fluid_engine:2.5.1
Typo3 » Fluid Engine » Version: 2.5.2

cpe:2.3:a:typo3:fluid_engine:2.5.2
Typo3 » Fluid Engine » Version: 2.5.3

cpe:2.3:a:typo3:fluid_engine:2.5.3
Typo3 » Fluid Engine » Version: 2.5.4

cpe:2.3:a:typo3:fluid_engine:2.5.4
Typo3 » Fluid Engine » Version: 2.6.0

cpe:2.3:a:typo3:fluid_engine:2.6.0
Typo3 » Typo3 » Version: 8.7.25

cpe:2.3:a:typo3:typo3:8.7.25
Typo3 » Typo3 » Version: 9.5.6

cpe:2.3:a:typo3:typo3:9.5.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-15241

Products

Pricing

Contact Us