The gridelements (aka Grid Elements) extension through 7.6.1, 8.x through 8.7.0, 9.x through 9.7.0, and 10.x through 10.2.0 extension for TYPO3 allows XSS.
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Link | Tags |
---|---|
https://typo3.org/help/security-advisories | third party advisory |
https://typo3.org/security/advisory/typo3-ext-sa-2022-009 | third party advisory patch |