CVE-2022-31049

Sažetak

TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, user submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were mail clients used to view those messages. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem.

Reference

https://github.com/TYPO3/typo3/commit/da611775f92102d7602713003f4c79606c8a445d
https://typo3.org/security/advisory/typo3-core-sa-2022-004
https://github.com/TYPO3/typo3/security/advisories/GHSA-h4mx-xv96-2jgm

CVSS

Base:	3.5
Impact:	2.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

23-06-2022 - 13:16

Objavljeno

14-06-2022 - 21:15