Vulnerability Description
TYPO3 is an open source web content management system. Prior to versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. TYPO3 versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Typo3 | Typo3 | >= 8.0.0, < 8.7.47 |
Related Weaknesses (CWE)
References
- https://github.com/TYPO3/typo3/commit/6f2554dc4ea0b670fd5599c54fd788d4db96c4a0PatchThird Party Advisory
- https://github.com/TYPO3/typo3/security/advisories/GHSA-3r95-23jp-mhvgThird Party Advisory
- https://typo3.org/security/advisory/typo3-core-sa-2022-003Vendor Advisory
- https://github.com/TYPO3/typo3/commit/6f2554dc4ea0b670fd5599c54fd788d4db96c4a0PatchThird Party Advisory
- https://github.com/TYPO3/typo3/security/advisories/GHSA-3r95-23jp-mhvgThird Party Advisory
- https://typo3.org/security/advisory/typo3-core-sa-2022-003Vendor Advisory
FAQ
What is CVE-2022-31048?
CVE-2022-31048 is a vulnerability with a CVSS score of 5.4 (MEDIUM). TYPO3 is an open source web content management system. Prior to versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the Form Designer backend module of the Form Framework is vulnerable to cross-s...
How severe is CVE-2022-31048?
CVE-2022-31048 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-31048?
Check the references section above for vendor advisories and patch information. Affected products include: Typo3 Typo3.