-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability exists in content element rendering where user-controlled fields are output without proper encoding. While no direct patch code is available, TYPO3's architecture places content element HTML generation in CssStyledContentController. The getTable_tt_content method is the primary rendering point for table-based content elements and would handle field output. The vulnerability description explicitly implicates the CSS styled content component, and this controller is the central processing point for that functionality. Confidence is medium due to reliance on architectural patterns rather than direct patch analysis.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| typo3/cms | composer | >= 6.2.0, < 6.2.19 | 6.2.19 |
| typo3/cms | composer | >= 7.6.0, < 7.6.4 | 7.6.4 |
PHPPHPOngoing coverage of React2Shell