Dlf extension before 3.1.2 for TYPO3 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) Vulnerability


The extension fails to properly encode user input for output in HTML context. The extension also includes jQuery 3.4.1, which is known to be vulnerable to cross-site scripting.


The information has been provided by Oliver Hader.

The original article can be found at: https://typo3.org/help/security-advisories


The dlf (aka Kitodo.Presentation) extension before 3.1.2 for TYPO3 allows XSS.


Vulnerable Systems:

Dlf extension before 3.1.2 for TYPO3


CVE Information:



Disclosure Timeline:
Published Date: 7/29/2020
