17.02.2015 | Brain Appeal

TYPO3 extension gridelements vulnerable to cross-site scripting

A current security advisory for the TYPO3 extension gridelements reports a cross-site scripting vulnerability. It affects versions 3.0.0 and 2.1.2, as well as versions earlier than 2.1.2. The security risk, which is classified as "medium", can be fixed by updating to 3.0.1 or 2.1.3.

The underlying problem is that gridelements does not properly check user input in the HTML context. Backend users (editors) with access to text fields within database tables can exploit this vulnerability through their input.

More information:

Security Bulletin