php · typo3/cms-coreHeads-up
typo3/cms-core: XSS in Indexed Search plugin via unsanitized page titles
Cross-Site Scripting vulnerability in Indexed Search plugin: page titles with HTML markup are stored in search index without sanitization and rendered without o
What changed
Cross-Site Scripting vulnerability in Indexed Search plugin: page titles with HTML markup are stored in search index without sanitization and rendered without output encoding in frontend search results.
Who it affects
Editors with access to create or modify page content, and users viewing frontend search results via Indexed Search plugin.
What to do today
Update to TYPO3 versions 13.4.31 LTS or 14.3.3 LTS that fix the problem.
The trail
Collected→
Audited→
Written→
Published