What is TYPO3-CORE-SA-2020-003?

TYPO3-CORE-SA-2020-003 is a vulnerability in TYPO3 CMS that allows for cross-site scripting attacks.

Which versions of TYPO3 CMS are affected by TYPO3-CORE-SA-2020-003?

TYPO3 CMS versions 9.5.12 to 9.5.17 and 10.2.0 to 10.4.2 are affected.

What is the severity of TYPO3-CORE-SA-2020-003?

TYPO3-CORE-SA-2020-003 has a severity rating of 5.4, which is considered medium.

How can TYPO3-CORE-SA-2020-003 be exploited?

TYPO3-CORE-SA-2020-003 can be exploited by injecting malicious code through link tags generated by typolink functionality.

Are there any patches or fixes available for TYPO3-CORE-SA-2020-003?

Yes, patches and fixes are available for TYPO3-CORE-SA-2020-003. It is recommended to update TYPO3 CMS to versions 9.5.18 or 10.4.3 to mitigate the vulnerability.

Vulnerability/
CVE-2020-11065

medium

5.4

CWE

12/5/2020

13/5/2020

4/8/2024

CVE-2020-11065: Cross-Site Scripting in TYPO3 CMS

First published: Tue May 12 2020(Updated: )

In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and greater than or equal to 10.2.0 and less than 10.4.2, it has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting; properties being assigned as HTML attributes have not been parsed correctly. This has been fixed in 9.5.17 and 10.4.2.

Credit: security-advisories@github.com security-advisories@github.com

Affected Software	Affected Version	How to fix
composer/typo3/cms-core	>=10.0.0<10.4.2>=9.0.0<9.5.17
composer/typo3/cms	>=10.0.0<10.4.2>=9.0.0<9.5.17
Typo3 Typo3	>=9.5.12<9.5.17
Typo3 Typo3	>=10.2.0<10.4.2
composer/typo3/cms	>=9.0.0<9.5.17	9.5.17
composer/typo3/cms	>=10.0.0<10.4.2	10.4.2
composer/typo3/cms-core	>=9.0.0<9.5.17	9.5.17
composer/typo3/cms-core	>=10.0.0<10.4.2	10.4.2
	>=9.5.12<9.5.17
	>=10.2.0<10.4.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is TYPO3-CORE-SA-2020-003?
TYPO3-CORE-SA-2020-003 is a vulnerability in TYPO3 CMS that allows for cross-site scripting attacks.
Which versions of TYPO3 CMS are affected by TYPO3-CORE-SA-2020-003?
TYPO3 CMS versions 9.5.12 to 9.5.17 and 10.2.0 to 10.4.2 are affected.
What is the severity of TYPO3-CORE-SA-2020-003?
TYPO3-CORE-SA-2020-003 has a severity rating of 5.4, which is considered medium.
How can TYPO3-CORE-SA-2020-003 be exploited?
TYPO3-CORE-SA-2020-003 can be exploited by injecting malicious code through link tags generated by typolink functionality.
Are there any patches or fixes available for TYPO3-CORE-SA-2020-003?
Yes, patches and fixes are available for TYPO3-CORE-SA-2020-003. It is recommended to update TYPO3 CMS to versions 9.5.18 or 10.4.3 to mitigate the vulnerability.

collector/friends-of-php
collector/nvd-index
agent/type
agent/first-publish-date
collector/github-advisory-latest
source/GitHub
alias/GHSA-4j77-gg36-9864
alias/CVE-2020-11065
agent/software-canonical-lookup
agent/severity
agent/weakness
agent/references
agent/description
agent/author
agent/softwarecombine
collector/nvd-cve
source/NVD
collector/github-advisory
collector/mitre-cve
source/MITRE
agent/title
agent/last-modified-date
agent/tags
agent/event
package-manager/composer
vendor/typo3
canonical/typo3 typo3
version/typo3 typo3/9.5.12
version/typo3 typo3/10.2.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.