Typo3 Fluid vulnerabilities

2 known vulnerabilities affecting typo3/fluid.

Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2020-26216MEDIUMCVSS 6.1fixed in 2.0.8≥ 2.1.0, < 2.1.7+12 more2020-11-17
CVE-2020-26216 [MEDIUM] CWE-79 CVE-2020-26216: TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 and 2.6.10 is vulnerable to Cr TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 and 2.6.10 is vulnerable to Cross-Site Scripting. Three XSS vulnerabilities have been detected in Fluid: 1. TagBasedViewHelper allowed XSS through maliciously crafted additionalAttributes arrays by creating keys with attribute-closing quotes followed by HTML. When rendering such at
cvelistv5nvd
CVE-2020-15241MEDIUMCVSS 6.1v>= 2.0.0, < 2.0.5v>= 2.1.0, < 2.1.4+5 more2020-10-08
CVE-2020-15241 [MEDIUM] CWE-601 CVE-2020-15241: TYPO3 Fluid Engine (package `typo3fluid/fluid`) before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2 TYPO3 Fluid Engine (package `typo3fluid/fluid`) before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like `{showFullName ? fullName : defaultValue}`. Updated versions of this package are bundled in following TYPO3 (`typo3/cms-core`) ve
cvelistv5nvd
Typo3 Fluid vulnerabilities | cvebase