Headline
GHSA-374w-gwqr-fmxg: Cross-Site Scripting
The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability.
Package
composer brotkrueml/schema (Composer)
Affected versions
>= 2.0.0, < 2.5.1
< 1.13.1
Patched versions
2.5.1
1.13.1
Related news
CVE-2022-33154: Cross-Site Scripting in extension "Embedding schema.org vocabulary" (schema)
The schema (aka Embedding schema.org vocabulary) extension before 1.13.1 and 2.x before 2.5.1 for TYPO3 allows XSS.