Vulnerability Description
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Typo3 | Typo3 | >= 10.2.0, < 10.4.14 |
Related Weaknesses (CWE)
References
- https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x79j-wgqv-g8h2Third Party Advisory
- https://packagist.org/packages/typo3/cms-formRelease NotesThird Party Advisory
- https://typo3.org/security/advisory/typo3-core-sa-2021-004Vendor Advisory
- https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x79j-wgqv-g8h2Third Party Advisory
- https://packagist.org/packages/typo3/cms-formRelease NotesThird Party Advisory
- https://typo3.org/security/advisory/typo3-core-sa-2021-004Vendor Advisory
FAQ
What is CVE-2021-21358?
CVE-2021-21358 is a vulnerability with a CVSS score of 5.4 (MEDIUM). TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that the Form Designer backend module of the Form Framework is vulnerab...
How severe is CVE-2021-21358?
CVE-2021-21358 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-21358?
Check the references section above for vendor advisories and patch information. Affected products include: Typo3 Typo3.