CVE-2021-21340MEDIUM≥ 10.0.0, < 10.4.14·≥ 11.0.0, < 11.1.12021-03-23
CVE-2021-21340 [MEDIUM] CWE-79 Cross-Site Scripting in Content Preview
Cross-Site Scripting in Content Preview
### Problem
It has been discovered that database fields used as _descriptionColumn_ are vulnerable to cross-site scripting when their content gets previewed in the page module. A valid backend user account is needed to exploit this vulnerability.
### Solution
Update to TYPO3 versions 10.4.14, 11.1.1 that fix the problem described.
### Credits
Thanks to Richie Lee who reported this is
ghsaosv