4.7

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-m8fw-p3cr-6jqc

EPSS Score

CWE

CWE-79

Published

7/25/2023

Updated

7/26/2023

KEV Status

Technology

PHP

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-m8fw-p3cr-6jqc

GHSA-m8fw-p3cr-6jqc: Cross-Site Scripting in CKEditor4 WordCount Plugin

CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C (4.4)

Problem

The WordCount plugin (npm:ckeditor-wordcount-plugin) for CKEditor4 is vulnerable to cross-site scripting when switching to the source code mode. This plugin is enabled via the Full.yaml configuration present, but is not active in the default configuration.

In default scenarios, exploiting this vulnerability requires a valid backend user account. However, if custom plugins are used on the website frontend, which accept and reflect rich-text content submitted by users, no authentication is required.

Solution

Update to TYPO3 versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30 that fix the problem described above.

Credits

Thanks to Sybille Peters who reported this issue, and to TYPO3 core & security team member Oliver Hader who fixed the issue.

References

TYPO3-CORE-SA-2023-004
https://github.com/w8tcha/CKEditor-WordCount-Plugin/security/advisories/GHSA-q9w4-w667-qqj4

(GitHub Advisory)

Miggo Vulnerability Database

→

GHSA-m8fw-p3cr-6jqc

GHSA-m8fw-p3cr-6jqc:

4.7

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

GHSA ID

GHSA-m8fw-p3cr-6jqc

EPSS Score

CWE

CWE-79

Published

7/25/2023

Updated

7/26/2023

KEV Status

Technology

PHP

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
typo3/cms-rte-ckeditor	composer	>= 9.5.0, < 9.5.42	9.5.42
typo3/cms-rte-ckeditor	composer	>= 10.0.0, < 10.4.39	10.4.39
typo3/cms-rte-ckeditor	composer	>= 11.0.0, < 11.5.30	11.5.30

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from the WordCount plugin's handling of raw HTML content during editor mode switches. When switching to source mode, the plugin processes unsanitized editor content (via editor.getData()) to calculate word/character counts. If this content contains malicious scripts, they are executed when reflected in the UI elements controlled by the plugin. The TYPO3 advisory explicitly links the XSS to the WordCount plugin's source mode interaction, indicating improper input neutralization in its counting logic.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

4.7

-

Basic Information

Basic Information

Concerned about an active attack path?

GHSA-m8fw-p3cr-6jqc: Cross-Site Scripting in CKEditor4 WordCount Plugin

CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C (4.4)

Problem

Solution

Credits

References

GHSA-m8fw-p3cr-6jqc:

4.7

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

GHSA-m8fw-p3cr-6jqc: Cross-Site Scripting in CKEditor4 WordCount Plugin

CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C (4.4)

Problem

Solution

Credits

References

Technical Details

4.7

4.7

CVSS: `CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (4.4)

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

CVSS: `CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (4.4)