CVE-2018-6905

MEDIUM LAB

TYPO3 < 8.7.11 and 9.1.0 - Stored Cross-Site Scripting via Site Name Configuration


Exploitation Summary

EIP tracks 2 public exploits for CVE-2018-6905. PoCs published by pradeepjairamani, dnr6419.

AI-analyzed exploit summary: This repository contains a README describing a persistent XSS vulnerability in TYPO3 v9.1.0, assigned CVE-2018-6905. No actual exploit code is provided, only a brief description of the vulnerability.

Description

The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], as demonstrated by an admin entering a crafted site name during the installation process.

Exploits (2)

nomisec WRITEUP 5 stars
by pradeepjairamani · poc
https://github.com/pradeepjairamani/TYPO3-XSS-POC

This repository contains a README describing a persistent XSS vulnerability in TYPO3 v9.1.0, assigned CVE-2018-6905. No actual exploit code is provided, only a brief description of the vulnerability.

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Theoretical
Target: TYPO3 v9.1.0
No auth needed
Prerequisites: Access to a vulnerable TYPO3 instance
devstral-2 · analyzed Feb 16, 2026

nomisec WRITEUP
by dnr6419 · poc
https://github.com/dnr6419/CVE-2018-6905

This repository provides a writeup and setup instructions for exploiting CVE-2018-6905, a stored XSS vulnerability in TYPO3. It includes steps to deploy a vulnerable TYPO3 instance using Docker and demonstrates the XSS payload injection during the installation process.

Classification: Writeup 90%
Attack Type: XSS
Complexity: Moderate
Reliability: Reliable
Target: TYPO3 (versions affected by CVE-2018-6905)
No auth needed
Prerequisites: Docker environment · TYPO3 installation access · MySQL database
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References (3)
Patch, Vendor Advisory: https://forge.typo3.org/issues/84191
Third Party Advisory, VDB Entry: http://www.securitytracker.com/id/1040755
Exploit, Third Party Advisory: https://github.com/pradeepjairamani/TYPO3-XSS-POC

Scores

CVSS v3: 4.8
EPSS: 0.0227
EPSS Percentile: 85.1%
Attack Vector: NETWORK
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Lab Environment

COMMUNITY
Community Lab
docker pull mysql:5.6.51
docker pull phpmyadmin/phpmyadmin

Details

CWE: CWE-79
Status: published
Products (2)
typo3/cms 0 - 9.2.0 (Packagist)
typo3/typo3 < 8.7.11
Published: Apr 08, 2018
Tracked Since: Feb 18, 2026