GHSA-hq37-rfjc-mr8h: 
PHP vulnerability analysis and mitigation

A Cross-Site Scripting (XSS) vulnerability was discovered in the TYPO3 Backend, specifically affecting the page module. The vulnerability was identified on July 13, 2016, and officially disclosed on September 13, 2016. It affects TYPO3 CMS versions 6.2.0 to 6.2.26, 7.6.0 to 7.6.10, and 8.0.0 to 8.3.0. The security issue was discovered and reported by Security Team Member Georg Ringer (TYPO3 Advisory).

The vulnerability stems from improper encoding of user input in the page module of TYPO3's backend system. The severity is classified as Moderate with a suggested CVSS v2.0 score of AV:N/AC:L/Au:S/C:P/I:P/A:N/E:F/RL:O/RC:C. The vulnerability is categorized as CWE-79 (Cross-Site Scripting) (GitHub Advisory).

The vulnerability allows for Cross-Site Scripting attacks through the TYPO3 Backend. However, the impact is somewhat limited as exploitation requires a valid backend user account with specific permissions to edit plugins (TYPO3 Advisory).

The vulnerability has been patched in TYPO3 versions 6.2.27, 7.6.11, and 8.3.1. Users are advised to update to these patched versions to mitigate the vulnerability (TYPO3 Advisory).