02/07/2023

Critical security vulnerability closed

A security issue rated as critical was fixed with versions 10.4.36 LTS, 11.5.23 LTS.

As announced in the message "TYPO3-CORE-SA-2023-001: Persisted Cross-Site Scripting in Frontend Rendering", it was possible to inject malicious code on affected pages by exploiting a security vulnerability (so-called cross-site scripting).

Customers who use our TYPO3 update service have received this version automatically and do not have to worry about the security of their websites.

We recommend all users who run TYPO3 websites to keep their system up to date. If you have any questions or need advice, please contact us.

Name	Purpose	Lifetime	Type	Provider
_pk_id	Used to store a few details about the user such as the unique visitor ID.	13 months	HTML	Matomo
_pk_ref	Used to store the attribution information, the referrer initially used to visit the website.	6 months	HTML	Matomo
_pk_ses	Short lived cookie used to temporarily store data for the visit.	30 minutes	HTML	Matomo
_pk_cvar	Short lived cookie used to temporarily store data for the visit.	30 minutes	HTML	Matomo
_pk_hsr	Short lived cookie used to temporarily store data for the visit.	30 minutes	HTML	Matomo