Dlf extension before 3.1.2 for TYPO3 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) Vulnerability

Published on August 13th, 2020

Summary

The extension fails to properly encode user input for output in HTML context. The extension also includes jQuery 3.4.1 which is known to be vulnerable against Cross Site Scripting.

Credit:

The information has been provided by Oliver Hader

The original article can be found at:https://typo3.org/help/security-advisories

Details

The dlf (aka Kitodo.Presentation) extension before 3.1.2 for TYPO3 allows XSS.

Vulnerable Systems:

Dlf extension before 3.1.2 for TYPO3

CVE Information:

CVE-2020-16095

Disclosure Timeline:
Published Date:7/29/2020

Dlf extension before 3.1.2 for TYPO3 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) Vulnerability

Summary

Credit:

Details

Featured News

HUAWEI P30 with versions earlier than 10.1.0.160 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability

Featured News

HUAWEI P30 with versions earlier than 10.1.0.135 Improper Verification of Cryptographic Signature Vulnerability

Featured News

HUAWEI P30 smartphone versions 10.1.0.135 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability

Dlf extension before 3.1.2 for TYPO3 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) Vulnerability

Summary

Credit:

Details

Related Posts

Featured News

HUAWEI P30 with versions earlier than 10.1.0.160 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability

Featured News

HUAWEI P30 with versions earlier than 10.1.0.135 Improper Verification of Cryptographic Signature Vulnerability

Featured News

HUAWEI P30 smartphone versions 10.1.0.135 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability