The extension "Form to Database" is susceptible to Cross-Site Scripting. This issue affects the following versions: before 2.2.5, from 3.0.0 before 3.2.2, from 4.0.0 before 4.2.3, from 5.0.0 before 5.0.2.

Affected Packages

Packagist lavitto/typo3-form-to-database

Affected versions: 0 (fixed in 2.2.5)

Packagist lavitto/typo3-form-to-database

Affected versions: 3.0.0 (fixed in 3.2.2)

Packagist lavitto/typo3-form-to-database

Affected versions: 4.0.0 (fixed in 4.2.3)

Packagist lavitto/typo3-form-to-database

Affected versions: 5.0.0 (fixed in 5.0.2)

Related CVEs

CVE-2025-10316

Key Information

GHSA ID

GHSA-54pg-2x9h-cmx8

Published

September 16, 2025 3:32 PM

Last Modified

September 16, 2025 7:34 PM

CVSS Score

2.5 /10

Primary Ecosystem

Packagist

Primary Package

lavitto/typo3-form-to-database

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 22, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.