CVE-2020-8091
TYPO3 Cross-Site Scripting in Flash component (ELTS)
CVSS 3.1: 6.1 (MEDIUM)
EPSS: 20.5%
Description
TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 included a vulnerable external component, which could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system.
How to fix CVE-2020-8091
To remediate CVE-2020-8091, upgrade the affected package to one of the fixed versions listed below.
- Bitnami/typo3—upgrade to 6.2.39 or later
- —upgrade to 7.2.0 or later
Is CVE-2020-8091 being exploited?
Moderate — EPSS is 20.5%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- >= 6.2.0, < 6.2.39, >= 7.0.0, < 7.1.0
- >= 7.0.0, < 7.2.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
References (7)
- ADVISORY: nvd.nist.gov/vuln/detail/CVE-2020-8091
- PATCH: github.com/TYPO3/typo3
- WEB: github.com/TYPO3/typo3/blob/4cb53e828bd5138d180cdf9cac1ccf7fd31086d2/typo3/sysext/core/Documentation/Changelog/7.2/Breaking-65962-WebSVGLibraryAndAPIRemoved.rst
- WEB: github.com/TYPO3/typo3/commit/482e2e992f80f5e38cb48fcaea40fd9812a5252c