The vulnerability stems from missing output encoding in form component rendering. TYPO3's Fluid form ViewHelpers (such as TextfieldViewHelper) are the primary candidates because they directly handle user-provided values. The FormController is included because it is the entry point for form processing. Exact patch details are unavailable, but TYPO3's security practices indicate that these components would require escaping fixes. Confidence is medium because the analysis relies on architectural patterns rather than direct patch analysis.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| typo3/cms | composer | >= 6.2.0, < 6.2.18 | 6.2.18 |