Dlf extension before 3.1.2 for TYPO3 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) Vulnerability

Summary

The extension fails to properly encode user input before outputting it in an HTML context. It also bundles jQuery 3.4.1, a release with known cross-site scripting vulnerabilities.
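As an added illustration of the bug class named above (example code, not code from the dlf extension or from the advisory), the vulnerable rendering is shown beside its hardened form in PHP, the language TYPO3 extensions are written in. The function names and the sample input are constructed for this example.

```php
<?php
// Added example, not code from Kitodo.Presentation: the defect class in the
// advisory is user-controlled data written into HTML without encoding.
// Both renderers place a query string inside a heading; only one is safe.

declare(strict_types=1);

// VULNERABLE: the raw value is concatenated into markup, so '<', '>' and
// quote characters in the input are parsed by the browser as HTML.
function renderHeadingUnsafe(string $query): string
{
    return '<h2>Results for: ' . $query . '</h2>';
}

// HARDENED: encode for the HTML context at the point of output.
// ENT_QUOTES also encodes single quotes (needed inside attributes),
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty
// string, and the explicit charset avoids relying on php.ini defaults.
function renderHeadingSafe(string $query): string
{
    $encoded = htmlspecialchars(
        $query,
        ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5,
        'UTF-8'
    );
    return '<h2>Results for: ' . $encoded . '</h2>';
}

// Constructed input, as a user could supply it in a URL parameter such as ?q=
$userInput = '<script>alert(1)</script>';

// The unsafe variant emits the tag as live markup, so the browser runs it.
echo renderHeadingUnsafe($userInput), PHP_EOL;

// The safe variant emits entity-encoded text, which the browser displays
// literally and never executes.
echo renderHeadingSafe($userInput), PHP_EOL;

// In TYPO3 extensions, Fluid templates escape {variables} by default; the
// same defect reappears when that escaping is disabled with f:format.raw
// or when markup is assembled in PHP, as in renderHeadingUnsafe() above.
```

A quick review check for extension code is to search for string concatenation into HTML and for `f:format.raw` usages, and confirm that each value reaching them is either constant or already encoded for its context.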

Credit:

The information has been provided by Oliver Hader

The original article can be found at: https://typo3.org/help/security-advisories


Details

The dlf (aka Kitodo.Presentation) extension before 3.1.2 for TYPO3 allows XSS.


Vulnerable Systems:

Dlf extension before 3.1.2 for TYPO3


CVE Information:

CVE-2020-16095


Disclosure Timeline:
Published Date: 7/29/2020
