What is TYPO3-CORE-SA-2020-002?

TYPO3-CORE-SA-2020-002 is a vulnerability in TYPO3 CMS that allows for cross-site scripting (XSS) attacks.

What is the severity of CVE-2020-11064?

The severity of CVE-2020-11064 is medium with a CVSS score of 5.4.

Which versions of TYPO3 CMS are affected by CVE-2020-11064?

TYPO3 CMS versions 9.0.0 to 9.5.17 and 10.0.0 to 10.4.2 are affected by CVE-2020-11064.

How can a cross-site scripting (XSS) attack be performed with CVE-2020-11064?

By exploiting the vulnerability in TYPO3 CMS, an attacker can inject malicious scripts into HTML placeholder attributes, potentially leading to XSS attacks.

Are there any fixes or patches available for CVE-2020-11064?

Yes, TYPO3 CMS has released fixes and patches for CVE-2020-11064. It is recommended to update to version 9.5.17 or 10.4.2 to mitigate the vulnerability.

Vulnerability/
CVE-2020-11064

medium

5.4

CWE

12/5/2020

13/5/2020

4/8/2024

CVE-2020-11064: Cross-Site Scripting in TYPO3 CMS

First published: Tue May 12 2020(Updated: )

In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, it has been discovered that HTML `placeholder` attributes containing data of other database records are vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. Update to TYPO3 versions 9.5.17 or 10.4.2 that fix the problem described. ### References * https://typo3.org/security/advisory/typo3-core-sa-2020-002

Credit: security-advisories@github.com security-advisories@github.com

Affected Software	Affected Version	How to fix
composer/typo3/cms-core	>=10.0.0<10.4.2>=9.0.0<9.5.17
composer/typo3/cms	>=10.0.0<10.4.2>=9.0.0<9.5.17
Typo3 Typo3	>=9.0.0<9.5.17
Typo3 Typo3	>=10.0.0<10.4.2
composer/typo3/cms	>=9.0.0<9.5.17	9.5.17
composer/typo3/cms	>=10.0.0<10.4.2	10.4.2
composer/typo3/cms-core	>=10.0.0<10.4.2	10.4.2
composer/typo3/cms-core	>=9.0.0<9.5.17	9.5.17
	>=9.0.0<9.5.17
	>=10.0.0<10.4.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is TYPO3-CORE-SA-2020-002?
TYPO3-CORE-SA-2020-002 is a vulnerability in TYPO3 CMS that allows for cross-site scripting (XSS) attacks.
What is the severity of CVE-2020-11064?
The severity of CVE-2020-11064 is medium with a CVSS score of 5.4.
Which versions of TYPO3 CMS are affected by CVE-2020-11064?
TYPO3 CMS versions 9.0.0 to 9.5.17 and 10.0.0 to 10.4.2 are affected by CVE-2020-11064.
How can a cross-site scripting (XSS) attack be performed with CVE-2020-11064?
By exploiting the vulnerability in TYPO3 CMS, an attacker can inject malicious scripts into HTML placeholder attributes, potentially leading to XSS attacks.
Are there any fixes or patches available for CVE-2020-11064?
Yes, TYPO3 CMS has released fixes and patches for CVE-2020-11064. It is recommended to update to version 9.5.17 or 10.4.2 to mitigate the vulnerability.

collector/friends-of-php
collector/nvd-index
agent/type
agent/first-publish-date
collector/github-advisory-latest
source/GitHub
alias/GHSA-43gj-mj2w-wh46
alias/CVE-2020-11064
agent/software-canonical-lookup
agent/severity
agent/weakness
agent/references
agent/description
agent/author
agent/softwarecombine
collector/nvd-cve
source/NVD
collector/github-advisory
collector/mitre-cve
source/MITRE
agent/title
agent/last-modified-date
agent/tags
agent/event
package-manager/composer
vendor/typo3
canonical/typo3 typo3
version/typo3 typo3/9.0.0
version/typo3 typo3/10.0.0