CVE-2021-21365

Published: Apr 27, 2021

Modified: Aug 3, 2024

PUBLISHED

CVSS v3.1: 5.4 (MEDIUM)

Description

Bootstrap Package is a theme for TYPO3. It has been discovered that rendering content in the website frontend is vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. Users of the extension who have overwritten the affected templates with custom code must manually apply the security fix. Update to version 7.1.2, 8.0.8, 9.1.4, 10.0.10 or 11.0.3 of the Bootstrap Package, which fix the problem described. Updated versions are available from the TYPO3 extension manager, Packagist and at https://extensions.typo3.org/extension/download/bootstrap_package/.

Vendor: benjaminkott

Product: bootstrap_package

Versions:

affected: >= 7.1.0, < 7.1.2
affected: >= 8.0.0, < 8.0.8
affected: >= 9.0.0, < 9.0.4
affected: >= 9.1.0, < 9.1.3
affected: >= 10.0.0, < 10.0.10

+1 more versions

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector: Network

Attack Complexity: Low

Privileges Required: Low

User Interaction: Required

Scope: Changed

Confidentiality: Low

Integrity: Low

Availability: None
