cnvd - cnvd-2021-26149

CNVD-2021-26149

Vulnerability from cnvd - Published: 2021-04-09

Title

TYPO3跨站脚本漏洞（CNVD-2021-26149）

Description

TYPO3是瑞士TYPO3协会的一套免费开源的内容管理系统(框架)(CMS/CMF)。 TYPO3 Fluid存在跨站脚本漏洞，目前没有详细漏洞细节提供。

Severity

中

Patch Name

TYPO3跨站脚本漏洞（CNVD-2021-26149）的补丁

Patch Description

TYPO3是瑞士TYPO3协会的一套免费开源的内容管理系统(框架)(CMS/CMF)。 TYPO3 Fluid存在跨站脚本漏洞，目前没有详细漏洞细节提供。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已提供漏洞修补方案，请关注厂商主页及时更新： https://typo3.org/security/advisory/typo3-core-sa-2020-009

Reference

https://github.com/TYPO3/Fluid/commit/f20db4e74cf9803c6cffca2ed2f03e1b0b89d0dc

Impacted products

Name
['TYPO3 Typo3 <9.5.23', 'TYPO3 Typo3 <10.4.10', 'TYPO3 Typo3 <2.0.8', 'TYPO3 Typo3 <2.1.7', 'TYPO3 Typo3 <2.2.4', 'TYPO3 Typo3 <2.3.7', 'TYPO3 Typo3 <2.4.4', 'TYPO3 Typo3 <2.5.11', 'TYPO3 Typo3 <2.6.10']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-26216",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-26216"
    }
  },
  "description": "TYPO3\u662f\u745e\u58ebTYPO3\u534f\u4f1a\u7684\u4e00\u5957\u514d\u8d39\u5f00\u6e90\u7684\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf(\u6846\u67b6)(CMS/CMF)\u3002\n\nTYPO3 Fluid\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u5382\u5546\u5df2\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u8865\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u53ca\u65f6\u66f4\u65b0\uff1a\r\nhttps://typo3.org/security/advisory/typo3-core-sa-2020-009",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-26149",
  "openTime": "2021-04-09",
  "patchDescription": "TYPO3\u662f\u745e\u58ebTYPO3\u534f\u4f1a\u7684\u4e00\u5957\u514d\u8d39\u5f00\u6e90\u7684\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf(\u6846\u67b6)(CMS/CMF)\u3002\r\n\r\nTYPO3 Fluid\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "TYPO3\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2021-26149\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "TYPO3 Typo3 \u003c9.5.23",
      "TYPO3 Typo3 \u003c10.4.10",
      "TYPO3 Typo3 \u003c2.0.8",
      "TYPO3 Typo3 \u003c2.1.7",
      "TYPO3 Typo3 \u003c2.2.4",
      "TYPO3 Typo3 \u003c2.3.7",
      "TYPO3 Typo3 \u003c2.4.4",
      "TYPO3 Typo3 \u003c2.5.11",
      "TYPO3 Typo3 \u003c2.6.10"
    ]
  },
  "referenceLink": "https://github.com/TYPO3/Fluid/commit/f20db4e74cf9803c6cffca2ed2f03e1b0b89d0dc",
  "serverity": "\u4e2d",
  "submitTime": "2020-11-24",
  "title": "TYPO3\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2021-26149\uff09"
}

CVE-2020-26216 (GCVE-0-2020-26216)

Vulnerability from cvelistv5 – Published: 2020-11-17 20:45 – Updated: 2024-08-04 15:49

Title

Cross-Site Scripting in TYPO3 Fluid

Summary

TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 and 2.6.10 is vulnerable to Cross-Site Scripting. Three XSS vulnerabilities have been detected in Fluid: 1. TagBasedViewHelper allowed XSS through maliciously crafted additionalAttributes arrays by creating keys with attribute-closing quotes followed by HTML. When rendering such attributes, TagBuilder would not escape the keys. 2. ViewHelpers which used the CompileWithContentArgumentAndRenderStatic trait, and which declared escapeOutput = false, would receive the content argument in unescaped format. 3. Subclasses of AbstractConditionViewHelper would receive the then and else arguments in unescaped format. Update to versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 or 2.6.10 of this typo3fluid/fluid package that fix the problem described. More details are available in the linked advisory.

Severity ?

8 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

CWE

CWE-79 - Cross-site Scripting (XSS)

Assigner

GitHub_M

References

URL

Tags

	https://github.com/TYPO3/Fluid/security/advisorie…	x_refsource_CONFIRM
	https://github.com/TYPO3/Fluid/commit/f20db4e74cf…	x_refsource_MISC
	https://typo3.org/security/advisory/typo3-core-sa…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	TYPO3	Fluid	Affected: >= 2.0.0, < 2.0.8 Affected: >= 2.1.0, < 2.1.7 Affected: >= 2.2.0, < 2.2.4 Affected: >= 2.3.0, < 2.3.7 Affected: >= 2.4.0, < 2.4.4 Affected: >= 2.5.0, < 2.5.11 Affected: >= 2.6.0, < 2.6.10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:49:07.226Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/TYPO3/Fluid/security/advisories/GHSA-hpjm-3ww5-6cpf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/TYPO3/Fluid/commit/f20db4e74cf9803c6cffca2ed2f03e1b0b89d0dc"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://typo3.org/security/advisory/typo3-core-sa-2020-009"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fluid",
          "vendor": "TYPO3",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.0.8"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.1.0, \u003c 2.1.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.2.0, \u003c 2.2.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.3.0, \u003c 2.3.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.4.0, \u003c 2.4.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.5.0, \u003c 2.5.11"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.6.0, \u003c 2.6.10"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 and 2.6.10 is vulnerable to Cross-Site Scripting. Three XSS vulnerabilities have been detected in Fluid: 1. TagBasedViewHelper allowed XSS through maliciously crafted additionalAttributes arrays by creating keys with attribute-closing quotes followed by HTML. When rendering such attributes, TagBuilder would not escape the keys. 2. ViewHelpers which used the CompileWithContentArgumentAndRenderStatic trait, and which declared escapeOutput = false, would receive the content argument in unescaped format. 3. Subclasses of AbstractConditionViewHelper would receive the then and else arguments in unescaped format. Update to versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 or 2.6.10 of this typo3fluid/fluid package that fix the problem described. More details are available in the linked advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-11-17T20:45:20",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/TYPO3/Fluid/security/advisories/GHSA-hpjm-3ww5-6cpf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/TYPO3/Fluid/commit/f20db4e74cf9803c6cffca2ed2f03e1b0b89d0dc"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://typo3.org/security/advisory/typo3-core-sa-2020-009"
        }
      ],
      "source": {
        "advisory": "GHSA-hpjm-3ww5-6cpf",
        "discovery": "UNKNOWN"
      },
      "title": "Cross-Site Scripting in TYPO3 Fluid",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-26216",
          "STATE": "PUBLIC",
          "TITLE": "Cross-Site Scripting in TYPO3 Fluid"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fluid",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 2.0.0, \u003c 2.0.8"
                          },
                          {
                            "version_value": "\u003e= 2.1.0, \u003c 2.1.7"
                          },
                          {
                            "version_value": "\u003e= 2.2.0, \u003c 2.2.4"
                          },
                          {
                            "version_value": "\u003e= 2.3.0, \u003c 2.3.7"
                          },
                          {
                            "version_value": "\u003e= 2.4.0, \u003c 2.4.4"
                          },
                          {
                            "version_value": "\u003e= 2.5.0, \u003c 2.5.11"
                          },
                          {
                            "version_value": "\u003e= 2.6.0, \u003c 2.6.10"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "TYPO3"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 and 2.6.10 is vulnerable to Cross-Site Scripting. Three XSS vulnerabilities have been detected in Fluid: 1. TagBasedViewHelper allowed XSS through maliciously crafted additionalAttributes arrays by creating keys with attribute-closing quotes followed by HTML. When rendering such attributes, TagBuilder would not escape the keys. 2. ViewHelpers which used the CompileWithContentArgumentAndRenderStatic trait, and which declared escapeOutput = false, would receive the content argument in unescaped format. 3. Subclasses of AbstractConditionViewHelper would receive the then and else arguments in unescaped format. Update to versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 or 2.6.10 of this typo3fluid/fluid package that fix the problem described. More details are available in the linked advisory."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/TYPO3/Fluid/security/advisories/GHSA-hpjm-3ww5-6cpf",
              "refsource": "CONFIRM",
              "url": "https://github.com/TYPO3/Fluid/security/advisories/GHSA-hpjm-3ww5-6cpf"
            },
            {
              "name": "https://github.com/TYPO3/Fluid/commit/f20db4e74cf9803c6cffca2ed2f03e1b0b89d0dc",
              "refsource": "MISC",
              "url": "https://github.com/TYPO3/Fluid/commit/f20db4e74cf9803c6cffca2ed2f03e1b0b89d0dc"
            },
            {
              "name": "https://typo3.org/security/advisory/typo3-core-sa-2020-009",
              "refsource": "MISC",
              "url": "https://typo3.org/security/advisory/typo3-core-sa-2020-009"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-hpjm-3ww5-6cpf",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-26216",
    "datePublished": "2020-11-17T20:45:20",
    "dateReserved": "2020-10-01T00:00:00",
    "dateUpdated": "2024-08-04T15:49:07.226Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2021-26149

CVE-2020-26216 (GCVE-0-2020-26216)

Tags

Sightings

Nomenclature