TYPO3 cs_seo
Moderate fix4 remedies
cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*
Moderate fix4 remedies
- >= 6.3.0, <= 6.7.0
- >= 7.0.0, <= 7.4.0
- >= 8.0.0, <= 8.3.0
- >= 9.0.0, <= 9.2.0
TYPO3 cs_seo Extension Cross-Site Scripting Vulnerability
Vulnerability
Patched
A cross-site scripting (XSS) vulnerability has been identified in the cs_seo extension for TYPO3, affecting versions 6.3.0 through 6.7.0, 7.0.0 through 7.4.0, 8.0.0 through 8.3.0, and 9.0.0 through 9.2.0. The vulnerability arises because the extension does not properly encode user input for output in the HTML context of the TYPO3 backend user interface. This issue can only be exploited by a logged-in backend user.
Impact
Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.
Remediation
Users of the cs_seo extension are advised to update to versions 6.8.0, 7.5.0, 8.4.0, or 9.3.0, available from the TYPO3 extension manager, Packagist, or through the TYPO3 extensions repository.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread
6.4impact
1.7exploitability
4.7remediation
7.7relevance
0.0threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.