Vulnerability Details CVE-2021-21340
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that database fields used as _descriptionColumn_ are vulnerable to cross-site scripting when their content gets previewed. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1 .
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 62.2%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-fjh3-g8gq-9q92
- https://packagist.org/packages/typo3/cms-backend
- https://typo3.org/security/advisory/typo3-core-sa-2021-007
- https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-fjh3-g8gq-9q92
- https://packagist.org/packages/typo3/cms-backend
- https://typo3.org/security/advisory/typo3-core-sa-2021-007
Products affected by CVE-2021-21340
-
cpe:2.3:a:typo3:typo3:10.0.0
-
cpe:2.3:a:typo3:typo3:10.0.10
-
cpe:2.3:a:typo3:typo3:10.0.9
-
cpe:2.3:a:typo3:typo3:10.1.0
-
cpe:2.3:a:typo3:typo3:10.2.0
-
cpe:2.3:a:typo3:typo3:10.2.1
-
cpe:2.3:a:typo3:typo3:10.2.2
-
cpe:2.3:a:typo3:typo3:10.3.0
-
cpe:2.3:a:typo3:typo3:10.4.0
-
cpe:2.3:a:typo3:typo3:10.4.1
-
cpe:2.3:a:typo3:typo3:10.4.10
-
cpe:2.3:a:typo3:typo3:10.4.11
-
cpe:2.3:a:typo3:typo3:10.4.12
-
cpe:2.3:a:typo3:typo3:10.4.13
-
cpe:2.3:a:typo3:typo3:10.4.2
-
cpe:2.3:a:typo3:typo3:10.4.3
-
cpe:2.3:a:typo3:typo3:10.4.4
-
cpe:2.3:a:typo3:typo3:10.4.5
-
cpe:2.3:a:typo3:typo3:10.4.6
-
cpe:2.3:a:typo3:typo3:10.4.7
-
cpe:2.3:a:typo3:typo3:10.4.8
-
cpe:2.3:a:typo3:typo3:10.4.9
-
cpe:2.3:a:typo3:typo3:11.0.0
-
cpe:2.3:a:typo3:typo3:11.0.2
-
cpe:2.3:a:typo3:typo3:11.0.3
-
cpe:2.3:a:typo3:typo3:11.1.0