Technology
Open source CMS TYPO3 addresses the XSS flaw
The maintainers of venerable open source content management system (CMS) TYPO3 have fixed a cross-site scripting (XSS) flaw with a raft of software updates.
The XSS mechanism of PHP package typo3/html-sanitizer was bypassed due to a parsing problem in upstream package masterminds/html5, whereby a “malicious markup used in a sequence with special HTML comments cannot be filtered and sanitized”, explained a GitHub advisory published on Tuesday (September 13).
The issue has been patched in 7.6.58, 8.7.48, 9.5.37, 10.4.32, and 11.5.16 of typo3/cms-core. All prior versions on these release lines are affected.
With user interaction required the bug is classed as only moderate severity, notching a CVSS score of 6.1.
Nevertheless, even with a modest market share TYPO3 accounts for a huge number of active installations.
Launched in 1997, the free-to-use CMS has 2.43% of the CMS market, which translates to more than 230,000 customers, 46% of which are based in Germany.
The TYPO3 Association, which has around 900 members, funds development via donations and membership subscriptions.
Credit for bug discovery goes to security researcher David Klein, while Oliver Hader, TYPO3 security team lead and core developer, developed the patch.
-
Technology2 years ago
VoIP Number: Everything You Need To Know
-
Music2 weeks ago
[Music] Gnash Ft Olivia O’Brien – I Hate you, I Love you
-
Music2 weeks ago
[INSTRUMENTAL] John Legend – All Of Me
-
Music2 weeks ago
Alan Walker – Faded [INSTRUMENTAL]
-
Music2 weeks ago
[Video] 21 Savage ft. Offset & Metro Boomin – Rap Saved Me
-
Music2 weeks ago
[Instrumental] Wiz Khalifa – See You Again ft. Charlie Puth
-
ANE Stories3 months ago
[STORY] AMAKA THE LESBIAN (Complete Episodes)
-
Music3 weeks ago
[Music] Akon – Sorry Blame It On Me