| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| typo3/cms | composer | >= 6.2.0, < 6.2.27 | 6.2.27 |
| typo3/cms | composer | >= 7.6.0, < 7.6.11 | 7.6.11 |
| typo3/cms | composer | >= 8.0.0, < 8.3.1 | 8.3.1 |

The vulnerability exists in the page module's handling of plugin content rendering. TYPO3's PageLayoutView class is central to backend content element previews and plugin rendering. Before the patch, the functions responsible for outputting plugin configuration data to the backend interface likely lacked proper HTML encoding. The requirement for edit permissions is consistent with these functions being part of backend content editing workflows. While exact commit details are unavailable, these methods are well-known XSS risk points in TYPO3's page module rendering architecture.
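
To check an installation against the affected ranges in the table above, the following added example (not part of the advisory or of TYPO3) audits a `composer.lock` file. The function names and the sample lock content are constructed for illustration; the version ranges are the ones listed in the table.

```python
import json

# Affected typo3/cms ranges from the advisory table: (first vulnerable, first patched).
AFFECTED = [
    ((6, 2, 0), (6, 2, 27)),
    ((7, 6, 0), (7, 6, 11)),
    ((8, 0, 0), (8, 3, 1)),
]

def parse_version(text):
    """Turn 'v7.6.10' or '7.6.10' into (7, 6, 10); None for dev branches."""
    parts = text.lstrip("vV").split("-")[0].split(".")
    if not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def first_patched(version):
    """Return the fixed release for an affected version tuple, else None."""
    for low, fixed in AFFECTED:
        if low <= version < fixed:
            return ".".join(map(str, fixed))
    return None

def audit_lock(lock_text, package="typo3/cms"):
    """Check a composer.lock document; returns one finding per matching entry."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name") != package:
                continue
            version = parse_version(pkg.get("version", ""))
            if version is None:
                status, fix = "unparsed", None  # e.g. dev-master: review by hand
            else:
                fix = first_patched(version)
                status = "vulnerable" if fix else "not affected"
            findings.append({"installed": pkg.get("version"),
                             "status": status, "upgrade_to": fix})
    return findings

# Constructed composer.lock content for demonstration.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "typo3/cms", "version": "v7.6.10"},
    {"name": "symfony/console", "version": "v2.8.9"},
], "packages-dev": []})

if __name__ == "__main__":
    print(audit_lock(SAMPLE_LOCK))
```

Pre-release suffixes such as `-rc1` are ignored by this parser, so a release candidate of a patched version is reported as not affected and should be reviewed separately.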