The vulnerability stems from two related functions in TYPO3's security utilities. `t3lib_div::quoteJSvalue` handles output encoding for the JavaScript context, and its incomplete escaping is explicitly called out in the CVE description. `t3lib_div::RemoveXSS` is identified in the TYPO3 security bulletin as part of the same HTML sanitization flaw; the two functions contribute to the XSS vulnerability through different attack vectors (JavaScript-context encoding versus HTML sanitization). Both would appear in stack traces when user input flows through TYPO3's security filters before reaching the vulnerable output.
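As an added example (not TYPO3's own code, and not a reconstruction of `quoteJSvalue`), the following PHP shows what complete JavaScript-context output encoding looks like, the class of encoding the description above refers to. The function name `encodeForJsString` and the sample input are assumptions made here. Escaping only quotes and backslashes (as `addslashes()` does) is the classic incomplete form: `<`, `/` and the line terminators U+2028/U+2029 pass through, so a value containing `</script>` can still end the enclosing script element. Encoding every character outside `[A-Za-z0-9]` as `\xHH` or `\uHHHH` closes that gap, and the second usage line shows the extra HTML-attribute encoding needed when the literal sits inside an event-handler attribute.

```php
<?php
// Added example, not TYPO3 code: a complete JavaScript string-literal encoder.
// Every character outside [A-Za-z0-9] is emitted as \xHH (ASCII) or \uHHHH
// (non-ASCII, as UTF-16 code units), so the encoded value can never terminate
// the string literal, the enclosing <script> element, or a JS line.

function encodeForJsString(string $value): string
{
    // Reject malformed UTF-8 rather than emitting undefined bytes into a script.
    if (!mb_check_encoding($value, 'UTF-8')) {
        throw new InvalidArgumentException('Input is not valid UTF-8');
    }

    $out = '';
    foreach (mb_str_split($value, 1, 'UTF-8') as $char) {
        // Unreserved ASCII alphanumerics are the only characters passed through.
        if (preg_match('/^[A-Za-z0-9]\z/', $char)) {
            $out .= $char;
            continue;
        }
        $cp = mb_ord($char, 'UTF-8');
        if ($cp < 0x80) {
            $out .= sprintf('\\x%02X', $cp);            // e.g. "<" -> \x3C
        } elseif ($cp < 0x10000) {
            $out .= sprintf('\\u%04X', $cp);            // e.g. U+2028 -> \u2028
        } else {
            // Astral code points must be written as a UTF-16 surrogate pair.
            $cp -= 0x10000;
            $high = 0xD800 | ($cp >> 10);
            $low  = 0xDC00 | ($cp & 0x3FF);
            $out .= sprintf('\\u%04X\\u%04X', $high, $low);
        }
    }
    // Return a complete single-quoted JS string literal.
    return "'" . $out . "'";
}

// Constructed sample input containing a quote and a closing script tag.
$sample = "O'Reilly </script>";

// Inside a <script> element the JS-encoded literal can be used directly.
echo '<script>var name = ' . encodeForJsString($sample) . ';</script>' . PHP_EOL;

// Inside an HTML event-handler attribute the JS encoding is applied first and the
// result is then HTML-encoded for the attribute context (outer context last).
echo '<a href="#" onclick="show('
    . htmlspecialchars(encodeForJsString($sample), ENT_QUOTES, 'UTF-8')
    . ')">link</a>' . PHP_EOL;
```

Because the encoder's output contains only alphanumerics, backslashes and the surrounding quotes, the HTML-attribute step has nothing to rewrite except the quotes themselves, which is what makes the two encodings compose safely in that order.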
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| typo3/cms | composer | >= 4.5, < 4.5.19 | 4.5.19 |
| typo3/cms | composer | >= 4.6, < 4.6.12 | 4.6.12 |
| typo3/cms | composer | >= 4.7, < 4.7.4 | 4.7.4 |