{"id":"CVE-2020-8091","details":"svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname.","aliases":["BIT-typo3-2020-8091","GHSA-qvhv-pwww-53jj"],"modified":"2026-03-14T10:33:34.443165Z","published":"2020-01-27T22:15:11.343Z","references":[{"type":"ADVISORY","url":"https://typo3.org/security/advisory/typo3-psa-2019-003/"},{"type":"EVIDENCE","url":"https://www.purplemet.com/blog/typo3-xss-vulnerability"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/typo3/typo3.cms","events":[{"introduced":"583c888de32e077111951cced1a33571516cb5d3"},{"last_affected":"5fa3e3899f93a5fcc022ad2564c1f23855c81e5f"}],"database_specific":{"versions":[{"introduced":"7.0.0"},{"last_affected":"7.1.0"}]}}],"versions":["7.0.0","7.1.0","TYPO3_7-0-0","TYPO3_7-1-0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"6.2"},{"fixed":"6.2.39"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8091.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}