Vulnerability Database
289,871
Total vulnerabilities in the database
CVE-2020-26227
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 the system extension Fluid (typo3/cms-fluid) of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described.
| Software | From | Fixed in |
|---|---|---|
| typo3 / typo3 | 10.0.0 | 10.4.10 |
| typo3 / typo3 | 6.2.0 | 6.2.54 |
| typo3 / typo3 | 7.6.0 | 7.6.48 |
| typo3 / typo3 | 8.7.0 | 8.7.38 |
| typo3 / typo3 | 9.0.0 | 9.5.23 |
typo3 / cms-core
|
9.0.0 | 9.5.23 |
|
typo3 / cms-core
|
10.0.0 | 10.4.10 |