XSS in TYPO3 CMS
CVE-2020-11064
In TYPO3 CMS versions 9.0.0 up to (but not including) 9.5.17 and 10.0.0 up to (but not including) 10.4.2, it has been discovered that HTML placeholder attributes containing data of other database records are vulnerable to…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.002 (42.8th percentile)
CVSS v3 metric
CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N.
Affected products
- TYPO3 CMS: versions >= 9.0.0 and < 9.5.17; versions >= 10.0.0 and < 10.4.2
Weakness classification (CWE)
References
- github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-43gj-mj2w-wh46 (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2020-11064?
  CVE-2020-11064 is a medium-severity vulnerability in TYPO3 CMS, classified under Cross-site Scripting. CVSS score: 5.4/10. Published 2020-05-13.
- How severe is CVE-2020-11064?
  Medium severity. The CVSS v3 base score is 5.4 out of 10.