XSS in TYPO3 CMS

CVE-2020-11065

In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and greater than or equal to 10.2.0 and less than 10.4.2, it has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.002 (42.8th percentile)

CVSS v3 metric

CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N.

Affected products

  • TYPO3 CMS: versions >= 9.5.12 and < 9.5.17; versions >= 10.2.0 and < 10.4.2

Frequently asked questions

What is CVE-2020-11065?
CVE-2020-11065 is a medium-severity vulnerability in TYPO3 CMS, classified under Cross-site Scripting. CVSS score: 5.4/10. Published 2020-05-13.

How severe is CVE-2020-11065?
Medium severity. CVSS v3 base score is 5.4 out of 10.