CVE-2021-32768
Published 2021-08-10
Priority: P4, 28
Severity: medium, 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.73% (49.5th percentile)
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions, the content rendering process in the website frontend is vulnerable to cross-site scripting because malicious rich-text content is not properly parsed, sanitized and encoded. The corresponding rendering instructions via the TypoScript functionality HTMLparser do not consider all potentially malicious HTML tag and attribute combinations by default. In default scenarios, a valid backend user account is needed to exploit this vulnerability. If custom plugins used in the website frontend accept and reflect rich-text content submitted by users, no authentication is required. Update to TYPO3 versions 7.6.53 ELTS, 8.7.42 ELTS, 9.5.29, 10.4.19 or 11.3.2, which fix the problem described.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| typo3 | cms | >= 10.0.0 < 10.4.19 | 10.4.19 |
| typo3 | cms | >= 11.0.0 < 11.3.2 | 11.3.2 |
| typo3 | cms | >= 7.0.0 < 7.6.53 | 7.6.53 |
| typo3 | cms | >= 8.0.0 < 8.7.42 | 8.7.42 |
| typo3 | cms | >= 9.0.0 < 9.5.29 | 9.5.29 |
| typo3 | cms-core | >= 10.0.0 < 10.4.19 | 10.4.19 |
| typo3 | cms-core | >= 11.0.0 < 11.3.2 | 11.3.2 |
| typo3 | cms-core | >= 7.0.0 < 7.6.53 | 7.6.53 |
| typo3 | cms-core | >= 8.0.0 < 8.7.42 | 8.7.42 |
| typo3 | cms-core | >= 9.0.0 < 9.5.29 | 9.5.29 |
| typo3 | typo3 | 10.0.0 – 10.4.18 | — |
| typo3 | typo3 | 11.0.0 – 11.3.1 | — |
| typo3 | typo3 | 7.0.0 – 7.6.52 | — |
| typo3 | typo3 | 8.0.0 – 8.7.41 | — |
| typo3 | typo3 | 9.0.0 – 9.5.28 | — |
| typo3 | typo3.cms | — | — |
| typo3 | typo3.cms | — | — |
| typo3 | typo3.cms | — | — |
| typo3 | typo3.cms | — | — |
| typo3 | typo3.cms | — | — |
CVSS provenance
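| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_redhat | — | 5.5 | MEDIUM | — |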
OSV
Cross-Site Scripting via Rich-Text Content
osv·2021-08-19
CVE-2021-32768 [MEDIUM] Cross-Site Scripting via Rich-Text Content
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC` (5.7)
### Problem
Failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality _[HTMLparser](https://docs.typo3.org/m/typo3/reference-typoscript/10.4/en-us/Functions/Htmlparser.html)_ do not consider all potentially malicious HTML tag & attribute combinations per default.
In addition, the lack of comprehensive default node configuration for rich-text fields in the backend user interface fosters this malfunction.
In default scenarios, a valid backend user account is needed to exploit this vulner
GHSA
Cross-Site Scripting via Rich-Text Content
ghsa·2021-08-19
CVE-2021-32768 [MEDIUM] CWE-79 Cross-Site Scripting via Rich-Text Content
Red Hat
kernel: spi: spi-zynqmp-gqspi: return -ENOMEM if dma_map_single fails
vendor_redhat·2024-02-28·CVSS 5.5
CVE-2021-47047 [MEDIUM] CWE-392 kernel: spi: spi-zynqmp-gqspi: return -ENOMEM if dma_map_single fails
In the Linux kernel, the following vulnerability has been resolved:
spi: spi-zynqmp-gqspi: return -ENOMEM if dma_map_single fails
The spi controller supports 44-bit address space on AXI in DMA mode,
so set dma_addr_t width to 44-bit to avoid using a swiotlb mapping.
In addition, if dma_map_single fails, it should return immediately
instead of continuing doing the DMA operation which bases on invalid
address.
This fixes the following crash which occurs in reading a big block
from flash:
[ 123.633577] zynqmp-qspi ff0f0000.spi: swiotlb buffer is full (sz: 4194304 bytes), total 32768 (slots), used 0 (slots)
[ 123.644230] zynqmp-qspi ff0f0000.spi: ERR:rxdma:memory not mapped
[ 123.784625] Unable to handle kernel paging reque