Home > Vulnerability Database > CVE-2024-34356

Mend.io Vulnerability Database

CVE-2024-34356

Date: May 14, 2024

TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the form manager backend module is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user account with access to the form module. TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1 fix the problem described.

Language: PHP

Severity Score

5.4

Related Resources (8)

Url: https://github.com/TYPO3/typo3/commit/2832e2f51f929aeddb5de7d667538a33ceda8156

Url: https://github.com/TYPO3/typo3/commit/d0393a879a32fb4e3569acad6bdb5cda776be1e5

Url: https://github.com/TYPO3/typo3/security/advisories/GHSA-v6mw-h7w6-59w3

Url: https://github.com/TYPO3/typo3/commit/e95a1224719efafb9cab2d85964f240fd0356e64

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-34356

Url: https://typo3.org/security/advisory/typo3-core-sa-2024-008

Url: https://github.com/TYPO3/typo3

Url: https://www.mend.io/vulnerability-database/CVE-2024-34356

Severity Score

5.4

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-34356

Date: May 14, 2024

Language: PHP

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?