The vulnerability stems from Fluid ViewHelpers not applying context-aware escaping. The TranslateViewHelper is specifically called out in TYPO3's security practices as requiring careful escaping due to translation injection risks. The HtmlViewHelper is implicated because the advisory references improper encoding during web page generation, which aligns with HTML output handling. While exact commit details are unavailable, TYPO3's patch notes for these versions emphasize ViewHelper escaping improvements, and these components are core XSS surfaces in Fluid templating.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| typo3/cms-core | composer | >= 8.0.0, < 8.7.23 | 8.7.23 |
| typo3/cms-core | composer | >= 9.0.0, < 9.5.4 | 9.5.4 |