The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS). Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.
XSS
PHP
Typo3
NVD
CVSS 2.0
3.5
EPSS
0.2%