Cross-Site Scripting in TYPO3 component Indexed Search · GHSA-wh8q-72cp-p5wf · GitHub Advisory Database · GitHub

Cross-Site Scripting in TYPO3 component Indexed Search

Moderate severity GitHub Reviewed Published Jun 3, 2024 to the GitHub Advisory Database • Updated Jun 3, 2024

Package

typo3/cms (Composer)

Affected versions

>= 6.2.0, < 6.2.16

Patched versions

6.2.16

Description

Failing to properly encode editor input, the search result view of indexed_search is susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML.

References

Published to the GitHub Advisory Database Jun 3, 2024

Reviewed Jun 3, 2024

Last updated Jun 3, 2024