Dlf extension before 3.1.2 for TYPO3 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) Vulnerability
Published on August 13th, 2020
Summary
The extension fails to properly encode user input for output in HTML context. The extension also includes jQuery 3.4.1, which is known to be vulnerable to cross-site scripting.
Credit:
The information has been provided by Oliver Hader
The original article can be found at: https://typo3.org/help/security-advisories
Details
The dlf (aka Kitodo.Presentation) extension before 3.1.2 for TYPO3 allows XSS.
Vulnerable Systems:
Dlf extension before 3.1.2 for TYPO3
CVE Information:
Disclosure Timeline:
Published Date: 7/29/2020