Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-34356

TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the form manager backend module is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user account with access to the form module. TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1 fix the problem described.

Published

2024-05-14T16:17:24.750

Last Modified

2025-09-03T17:34:28.887

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

Weaknesses

Type: Secondary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	typo3	typo3	< 9.5.48	Yes
Application	typo3	typo3	< 10.4.45	Yes
Application	typo3	typo3	< 11.5.37	Yes
Application	typo3	typo3	< 12.4.15	Yes
Application	typo3	typo3	< 13.1.1	Yes

References

https://github.com/TYPO3/typo3/commit/2832e2f51f929aeddb5de7d667538a33ceda8156 Patch ([email protected])
https://github.com/TYPO3/typo3/commit/d0393a879a32fb4e3569acad6bdb5cda776be1e5 Patch ([email protected])
https://github.com/TYPO3/typo3/commit/e95a1224719efafb9cab2d85964f240fd0356e64 Patch ([email protected])
https://github.com/TYPO3/typo3/security/advisories/GHSA-v6mw-h7w6-59w3 Vendor Advisory ([email protected])
https://typo3.org/security/advisory/typo3-core-sa-2024-008 Vendor Advisory ([email protected])
https://github.com/TYPO3/typo3/commit/2832e2f51f929aeddb5de7d667538a33ceda8156 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/TYPO3/typo3/commit/d0393a879a32fb4e3569acad6bdb5cda776be1e5 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/TYPO3/typo3/commit/e95a1224719efafb9cab2d85964f240fd0356e64 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/TYPO3/typo3/security/advisories/GHSA-v6mw-h7w6-59w3 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://typo3.org/security/advisory/typo3-core-sa-2024-008 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)