Typo3Fluid Fluid vulnerabilities
2 known vulnerabilities affecting typo3fluid/fluid.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2020-26216 | HIGH | ≥ 2.0.0, < 2.0.8; ≥ 2.1.0, < 2.1.7; +5 more | 2020-11-18
CVE-2020-26216 [HIGH] CWE-79 Cross-Site Scripting through Fluid view helper arguments
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.7)
> * CWE-79
### Problem
Three XSS vulnerabilities have been detected in Fluid:
1. TagBasedViewHelper allowed XSS through maliciously crafted `additionalAttributes` arrays by creating keys with attribute-closing quotes followed by HTML. When rendering such attributes,
ghsa, osv
CVE-2020-15241 | MEDIUM | ≥ 2.0.0, < 2.0.5; ≥ 2.1.0, < 2.1.4; +5 more | 2020-10-08
CVE-2020-15241 [MEDIUM] CWE-601 Cross-Site Scripting in ternary conditional operator
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.0)
> * CWE-79
---
:information_source: This vulnerability was already fixed in May 2019; the CVE and GHSA were assigned later, in October 2020.
---
### Problem
It has been discovered that the Fluid Engine (package `typo3fluid/fluid`) is vulnerable to cross-site scripting wh
ghsa, osv