CVE-2022-31048 MEDIUM

CVE-2022-31048: Cross-Site Scripting in Form Framework

Vendor Typo3

Product typo3

Weakness CWE-79 · XSS

Published June 14, 2022

Last update April 23, 2025

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

TYPO3 is an open source web content management system. Prior to versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. TYPO3 versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem.

Key dates

02Disclosure timeline

June 14, 2022 CVE published

April 23, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-31048

Related vulnerabilities

Identifiers

CVE CVE-2022-31048

CWE CWE-79

CVSS 5.4 / MEDIUM

Affected versions

Vendor Typo3

Product typo3

Affected >= 8.0.0, < 8.7.47

Vendor Typo3

Product typo3

Affected >= 9.0.0, < 9.5.34

Vendor Typo3

Product typo3

Affected >= 10.0.0, < 10.4.29

Vendor Typo3

Product typo3

Affected >= 11.0.0, < 11.5.11

CVE-2022-31048: Cross-Site Scripting in Form Framework

01Description

02Disclosure timeline

03References

04Related CVE