TYPO3 is an enterprise content management system. Starting in version 13.0.0 and prior to version 13.1.1, the history backend module is vulnerable to HTML injection. Although Content-Security-Policy headers effectively prevent JavaScript execution, adversaries can still inject malicious HTML markup. Exploiting this vulnerability requires a valid backend user account. TYPO3 version 13.1.1 fixes the problem described.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-05-14T14:01:32.753Z

Updated: 2024-08-02T02:51:11.144Z

Reserved: 2024-05-02T06:36:32.438Z

Link: CVE-2024-34355

cve-icon Vulnrichment

Updated: 2024-08-02T02:51:11.144Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-05-14T16:17:24.230

Modified: 2024-11-21T09:18:29.623

Link: CVE-2024-34355

cve-icon Redhat

No data.