Web: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36107

Sept. 13, 2022, 6:15 p.m.

National Vulnerability Database nist.gov

TYPO3 is an open source PHP-based web content management system released under the GNU GPL. It has been discovered that the `FileDumpController` (backend and frontend context) is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account is needed to exploit this vulnerability. Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16, which fix the problem. There are no known workarounds for this issue.
