Cross-Site Scripting in TYPO3 component Indexed Search

Published: Jun 3, 2024
Updated: Jun 27, 2024
GHSA: <a href="https://github.com/advisories/GHSA-wh8q-72cp-p5wf" target="_blank" rel="noopener"> GHSA-wh8q-72cp-p5wf
Severity: Medium
Exploit:

Failing to properly encode editor input, the search result view of indexed_search is susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML.