CVE-2021-32669 MEDIUM

CVE-2021-32669: Cross-Site Scripting in Backend Grid View

Vendor Typo3
Product TYPO3.CMS
Weakness CWE-79 · XSS
Published July 20, 2021
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

6.4/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When settings for _backend layouts_ are not properly encoded, the corresponding grid view is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this vulnerability.

Key dates

02Disclosure timeline

July 20, 2021 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-62320 HTML Injection Leading to Data Exfiltration to External Server vulnerability affects HCL Unica Platform CVE-2023-41949 WordPress iFolders Plugin <= 1.5.0 is vulnerable to Cross Site Scripting (XSS) CVE-2026-33080 Filament: Unvalidated Range and Values summarizer values can be used for XSS CVE-2024-11098 SVG Block <= 1.1.24 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload CVE-2022-32970 WordPress Themify Portfolio Post Plugin <= 1.2.4 is vulnerable to Cross Site Scripting (XSS)