Description
TYPO3 is an enterprise content management system. Starting in version 13.0.0 and prior to version 13.1.1, the history backend module is vulnerable to HTML injection. Although Content-Security-Policy headers effectively prevent JavaScript execution, adversaries can still inject malicious HTML markup. Exploiting this vulnerability requires a valid backend user account. TYPO3 version 13.1.1 fixes the problem described.
Remediation
References