CVE-2022-36107 TYPO3 is an open source PHP based web content management system released under the GNU GPL

CVE-2018-14609 is a security issue with TYPO3 that has been resolved in version 10.4.32. This issue is XSS and is present in the `FileDumpController`. A valid backend user account is needed to exploit this vulnerability. Update to TYPO3 version 10.4.32 ELTS, 11.5.16 ELTS, 12.5.5 ELTS, 12.7.3 ELTS, 13.0.0 ELTS, 13.1.0 ELTS, 13.2.0 ELTS, 14.0.0 ELTS, 14.1.0 ELTS, 14.2.0 ELTS, 15.0.0 ELTS, 15.1.0 ELTS, 15.2.0 ELTS, 16.0.0 ELTS, 16.1.0 ELTS, 16.2.0 ELTS, 17.0.0 ELTS, 17.1.0 ELTS, 17.2.0 ELTS, 18.0.0 ELTS, 18.1.0 ELTS, 18.2.0 ELTS, 19.0.0 ELTS, 19.1.0 ELTS, 19.2.0 ELTS, 20.0.0 ELTS, 20.1.0 ELTS, 20.2.0 ELTS, 21.0.0 ELTS, 21.1.0 ELTS,

Vulnerability Details

CVE-2022-36107: TYPO3 FileDumpController
Type: XSS
Status: Resolved
CVE-2018-14609: TYPO3 FileDumpController
Type: XSS

Why is the TYPO3 Security Team publishing a security alert?

It is recommended that you update to TYPO3 version 10.4.32 ELTS, 11.5.16 ELTS, 12.5.5 ELTS, 12.7.3 ELTS, 13.0.0 ELTS, 13.1.0 ELTS, 13.2.0 ELTS, 14.0.0 ELTS, 14.1.0 ELTS, 14

Timeline

Published on: 09/13/2022 18:15:00 UTC
Last modified on: 09/16/2022 14:24:00 UTC

References

• https://github.com/TYPO3/typo3/security/advisories/GHSA-9c6w-55cp-5w25
• https://github.com/TYPO3/typo3/commit/bd58d2ff2eeef89e63ef754a2389597d22622a39
• https://typo3.org/security/advisory/typo3-core-sa-2022-009
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36107