TYPO3 is an enterprise content management system. Starting in version 13.0.0 and prior to version 13.1.1, the history backend module is vulnerable to HTML injection. Although Content-Security-Policy headers effectively prevent JavaScript execution, adversaries can still inject malicious HTML markup. Exploiting this vulnerability requires a valid backend user account. TYPO3 version 13.1.1 fixes the problem described.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-05-14T14:01:32.753Z
Updated: 2024-08-02T02:51:11.144Z
Reserved: 2024-05-02T06:36:32.438Z
Link: CVE-2024-34355
Vulnrichment
Updated: 2024-08-02T02:51:11.144Z
NVD
Status : Awaiting Analysis
Published: 2024-05-14T16:17:24.230
Modified: 2024-11-21T09:18:29.623
Link: CVE-2024-34355
Redhat
No data.