5.4

CVSS Score

3.1

Basic Information

CVE ID

GHSA ID

GHSA-wp8j-c736-c5r3

EPSS Score

CWE

CWE-79

Published

5/30/2024

Updated

5/30/2024

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-wp8j-c736-c5r3

GHSA-wp8j-c736-c5r3: TYPO3 Cross-Site Scripting Vulnerability Exploitable by Editors

It has been discovered that link tags generated by typolink functionality in the website's frontend are vulnerable to cross-site scripting - values being assigned to HTML attributes have not been parsed correctly. A valid backend user account is needed to exploit this vulnerability.

As second and separate vulnerability in the filelist module of the backend user interface has been referenced with this advisory as well. Error messages being shown after using a malicious name for renaming a file are not propery encoded, thus vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability.

(GitHub Advisory)

5.4

CVSS Score

3.1

Basic Information

CVE ID

GHSA ID

GHSA-wp8j-c736-c5r3

EPSS Score

CWE

CWE-79

Published

5/30/2024

Updated

5/30/2024

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
typo3/cms	composer	>= 6.2.0, < 6.2.14	6.2.14
typo3/cms	composer	>= 7.0.0, < 7.3.1	7.3.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The first vulnerability was patched by adding htmlspecialchars() to $msg in ExtendedFileUtility.php, showing direct use of unescaped input. The second vulnerability required multiple fixes in typoLink() where raw user input (link parameters/page titles) was used without proper escaping in link text generation. Both functions handle user-controlled input that flows into HTML output without adequate sanitization, matching the described XSS vulnerabilities.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

It **s ***n *is*ov*r** t**t link t**s **n*r*t** *y typolink *un*tion*lity in t** w**sit*'s *ront*n* *r* vuln*r**l* to *ross-sit* s*riptin* - v*lu*s **in* *ssi*n** to *TML *ttri*ut*s **v* not ***n p*rs** *orr**tly. * v*li* ***k*n* us*r ***ount is n***

Reasoning

T** *irst vuln*r**ility w*s p*t**** *y ***in* `*tmlsp**i*l***rs()` to $ms* in `*xt*n****il*Utility.p*p`, s*owin* *ir**t us* o* un*s**p** input. T** s**on* vuln*r**ility r*quir** multipl* *ix*s in `typoLink()` w**r* r*w us*r input (link p*r*m*t*rs/p**

5.4

Basic Information

Concerned about an active attack path?

GHSA-wp8j-c736-c5r3: TYPO3 Cross-Site Scripting Vulnerability Exploitable by Editors

5.4

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI