CVE 2.3 LOW

Cross-Site Scripting in extension “Form to Database” (form_to_database)_CVE-2025-10316

September 16, 2025 invoker category_cve
2.3 / 10
LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Description

The extension "Form to Database" is susceptible to Cross-Site Scripting. This issue affects the following versions: before 2.2.5, from 3.0.0 before 3.2.2, from 4.0.0 before 4.2.3, from 5.0.0 before 5.0.2.

Basic Information

ID CVE-2025-10316
Source TYPO3
Published Sep 16, 2025 at 09:09

Affected Product

Vendor TYPO3
Product Extension "Form to Database" (form_to_database)
Affected Versions TYPO3 Extension "Form to Database" (form_to_database) 0
TYPO3 Extension "Form to Database" (form_to_database) 3.0.0
TYPO3 Extension "Form to Database" (form_to_database) 4.0.0
TYPO3 Extension "Form to Database" (form_to_database) 5.0.0

CWE Classification

CWE-79

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.