CVE-2021-21340 MEDIUM

CVE-2021-21340: Cross-Site Scripting in Content Preview

Vendor Typo3
Product TYPO3.CMS
Weakness CWE-79 · XSS
Published March 23, 2021
Last update August 3, 2024

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that database fields used as _descriptionColumn_ are vulnerable to cross-site scripting when their content gets previewed. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1 .

Key dates

02Disclosure timeline

March 23, 2021 CVE published
August 3, 2024 Record updated