CVE-2024-34355

TYPO3 is an enterprise content management system. Starting in version 13.0.0 and prior to version 13.1.1, the history backend module is vulnerable to HTML injection. Although Content-Security-Policy headers effectively prevent JavaScript execution, adversaries can still inject malicious HTML markup. Exploiting this vulnerability requires a valid backend user account. TYPO3 version 13.1.1 fixes the problem described.

CVSS v3 3.5 LOW

3.5^/10

CVSS v3 : LOW

Vector :

Exploitability : 2.1 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/TYPO3/typo3/commit/56afa304ba8b5ad302e15df5def71bcc8d820375	Patch
https://github.com/TYPO3/typo3/security/advisories/GHSA-xjwx-78x7-q6jc	Vendor Advisory
https://typo3.org/security/advisory/typo3-core-sa-2024-007	Vendor Advisory
https://github.com/TYPO3/typo3/commit/56afa304ba8b5ad302e15df5def71bcc8d820375	Patch
https://github.com/TYPO3/typo3/security/advisories/GHSA-xjwx-78x7-q6jc	Vendor Advisory
https://typo3.org/security/advisory/typo3-core-sa-2024-007	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*

History

21 Jan 2025, 16:08

Type	Values Removed	Values Added
References	~~() https://github.com/TYPO3/typo3/commit/56afa304ba8b5ad302e15df5def71bcc8d820375 -~~	() https://github.com/TYPO3/typo3/commit/56afa304ba8b5ad302e15df5def71bcc8d820375 - Patch
References	~~() https://github.com/TYPO3/typo3/security/advisories/GHSA-xjwx-78x7-q6jc -~~	() https://github.com/TYPO3/typo3/security/advisories/GHSA-xjwx-78x7-q6jc - Vendor Advisory
References	~~() https://typo3.org/security/advisory/typo3-core-sa-2024-007 -~~	() https://typo3.org/security/advisory/typo3-core-sa-2024-007 - Vendor Advisory
First Time		Typo3 typo3 Typo3
CPE		cpe:2.3:a:typo3:typo3::::::::

Information

Published : 2024-05-14 16:17

Updated : 2025-01-21 16:08

NVD link : CVE-2024-34355

Mitre link : CVE-2024-34355

CVE.ORG link : CVE-2024-34355

JSON object : View

Products Affected

typo3

typo3

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-116

Improper Encoding or Escaping of Output

{"id": "CVE-2024-34355", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2024-05-14T16:17:24.230", "references": [{"url": "https://github.com/TYPO3/typo3/commit/56afa304ba8b5ad302e15df5def71bcc8d820375", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-xjwx-78x7-q6jc", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-007", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/TYPO3/typo3/commit/56afa304ba8b5ad302e15df5def71bcc8d820375", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-xjwx-78x7-q6jc", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-007", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-116"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "TYPO3 is an enterprise content management system. Starting in version 13.0.0 and prior to version 13.1.1, the history backend module is vulnerable to HTML injection. Although Content-Security-Policy headers effectively prevent JavaScript execution, adversaries can still inject malicious HTML markup. Exploiting this vulnerability requires a valid backend user account. TYPO3 version 13.1.1 fixes the problem described."}, {"lang": "es", "value": "TYPO3 es un sistema de gesti\u00f3n de contenidos empresariales. A partir de la versi\u00f3n 13.0.0 y antes de la versi\u00f3n 13.1.1, el m\u00f3dulo de backend del historial es vulnerable a la inyecci\u00f3n de HTML. Aunque los encabezados Content-Security-Policy previenen efectivamente la ejecuci\u00f3n de JavaScript, los adversarios a\u00fan pueden inyectar etiquetas HTML maliciosas. Para explotar esta vulnerabilidad se requiere una cuenta de usuario backend v\u00e1lida. La versi\u00f3n 13.1.1 de TYPO3 soluciona el problema descrito."}], "lastModified": "2025-01-21T16:08:57.453", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2C76A9E-3FD0-4614-8743-F1E99CC6FC99", "versionEndExcluding": "13.1.1", "versionStartIncluding": "13.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}