{"id":"CVE-2021-31778","details":"The media2click (aka 2 Clicks for External Media) extension 1.x before 1.3.3 for TYPO3 allows XSS by a backend user account.","aliases":["GHSA-xpxm-pf7g-2534"],"modified":"2026-03-10T23:34:37.514109Z","published":"2021-04-28T07:15:07.533Z","references":[{"type":"WEB"},{"type":"FIX","url":"https://typo3.org/security/advisory/typo3-ext-sa-2021-004"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ghermens/media2click","events":[{"introduced":"481a067e3eea5a509a7c8c66ac3a59d49650d087"},{"fixed":"e8ad5d3b5fbc64961eb4dfd1faefadcada385f98"}],"database_specific":{"versions":[{"introduced":"1.0.0"},{"fixed":"1.3.3"}]}}],"versions":["1.0.0","1.1.0","1.1.1","1.1.2","1.2.0","1.2.1","1.3.0","1.3.1","1.3.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-31778.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}