CVE-2018-6905: Cross-site Scripting
(updated )
The page module in TYPO3 is vulnerable to XSS via $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], as demonstrated by an admin entering a crafted site name during the installation process.
References
Code Behaviors & Features
Detect and mitigate CVE-2018-6905 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →