CVE-2023-28604 Information

Description

The fluid_components (aka Fluid Components) extension before 3.5.0 for TYPO3 allows XSS via a component argument parameter for certain content use cases that may be edge cases.

Reference

https://typo3.org/security/advisory/typo3-ext-sa-2023-003 https://github.com/sitegeist/fluid-components/blob/master/Documentation/XssIssue.md