Dlf extension before 3.1.2 for TYPO3 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) Vulnerability
The extension fails to properly encode user input for output in HTML context. The extension also includes jQuery 3.4.1, which is known to be vulnerable to cross-site scripting.
The information has been provided by Oliver Hader.
The original article can be found at: https://typo3.org/help/security-advisories
The dlf (aka Kitodo.Presentation) extension before 3.1.2 for TYPO3 allows XSS.
Dlf extension before 3.1.2 for TYPO3
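An inventory check for the two conditions described above, added here as an example and not taken from the advisory or the extension: it classifies the dlf version pinned in a `composer.lock` against 3.1.2 and recognises a bundled jQuery 3.4.1 by its banner comment. The Composer package name `kitodo/presentation`, the `extension-key` lookup and the sample inputs are assumptions made for the example.

```python
import json
import re

FIXED_DLF = (3, 1, 2)        # first fixed release, per the advisory
FLAGGED_JQUERY = (3, 4, 1)   # bundled jQuery version named in the advisory
PACKAGE_NAME = "kitodo/presentation"  # assumed Composer name, not from the page
JQUERY_BANNER = re.compile(r"jQuery (?:JavaScript Library )?v(\d+\.\d+\.\d+)")

def parse_version(text):
    """Return (major, minor, patch) for '3.1.1' / 'v3.1.1', or None (e.g. dev-main)."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(map(int, m.groups())) if m else None

def dlf_status(composer_lock_text):
    """Classify the locked dlf package: absent, vulnerable, fixed or unknown."""
    for pkg in json.loads(composer_lock_text).get("packages", []):
        key = pkg.get("extra", {}).get("typo3/cms", {}).get("extension-key")
        if key != "dlf" and pkg.get("name") != PACKAGE_NAME:
            continue
        version = parse_version(pkg.get("version", ""))
        if version is None:
            return "unknown"   # branch or dev build: needs manual review
        return "vulnerable" if version < FIXED_DLF else "fixed"
    return "absent"

def bundles_flagged_jquery(js_text):
    """True if the file's banner comment identifies jQuery 3.4.1."""
    m = JQUERY_BANNER.search(js_text[:512])
    return bool(m) and parse_version(m.group(1)) == FLAGGED_JQUERY

# Constructed sample inputs (not taken from a real installation).
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "typo3/cms-core", "version": "v9.5.20"},
    {"name": PACKAGE_NAME, "version": "v3.1.1",
     "extra": {"typo3/cms": {"extension-key": "dlf"}}},
]})
SAMPLE_JS = "/*! jQuery v3.4.1 | (c) JS Foundation and other contributors */\n!function(e,t){}"

if __name__ == "__main__":
    print("dlf:", dlf_status(SAMPLE_LOCK))
    print("jQuery 3.4.1 bundled:", bundles_flagged_jquery(SAMPLE_JS))
```

A result of `unknown` means the lock file pins a branch or dev build, which has to be compared against the 3.1.2 release by hand.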