CVE-2024-34356

TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the form manager backend module is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user account with access to the form module. TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1 fix the problem described.
Configurations

No configuration.

History

14 May 2024, 16:17

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-14 16:17

Updated : 2024-05-14 19:17


NVD link : CVE-2024-34356

Mitre link : CVE-2024-34356

CVE.ORG link : CVE-2024-34356


JSON object : View

Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')