CVE-2022-31048
MEDIUM
TYPO3 <8.7.47 ELTS, <9.5.34 ELTS, <10.4.29, <11.5.11 - XSS
TYPO3 is an open source web content management system. Prior to versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. TYPO3 versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem.
References (3)
Core References
Third Party Advisory x_refsource_confirm
https://github.com/TYPO3/typo3/security/advisories/GHSA-3r95-23jp-mhvg
Patch, Third Party Advisory x_refsource_misc
https://github.com/TYPO3/typo3/commit/6f2554dc4ea0b670fd5599c54fd788d4db96c4a0
Vendor Advisory x_refsource_misc
https://typo3.org/security/advisory/typo3-core-sa-2022-003
Scores
CVSS v3
5.4
EPSS
0.0063
EPSS Percentile
70.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (4)
typo3/cms
10.0.0 - 10.4.29 (Packagist)
typo3/cms-core
8.0.0 - 8.7.47 (Packagist)
typo3/typo3
10.0.0 - 10.4.29
typo3/typo3
8.0.0 - 8.7.47
Published
Jun 14, 2022
Tracked Since
Feb 18, 2026