CVE-2023-35783 in ke_search Extension
Summary
by MITRE • 06/16/2023
The ke_search (aka Faceted Search) extension before 4.0.3, 4.1.x through 4.6.x before 4.6.6, and 5.x before 5.0.2 for TYPO3 allows XSS via indexed data.
Analysis
by VulDB Data Team • 07/17/2025
CVE-2023-35783 affects the ke_search extension for TYPO3, a popular faceted search solution that enables users to create searchable indexes of website content. It is a cross-site scripting flaw present in the following version ranges: versions before 4.0.3, 4.1.x through 4.6.x before 4.6.6, and 5.x before 5.0.2. The vulnerability occurs when indexed data is processed and displayed within the search interface, which lets malicious actors inject harmful scripts into the application's response. The extension handles and renders indexed content without proper sanitization or output encoding, so attackers who can manipulate search results or indexed content can exploit it.
This vulnerability is classified under Common Weakness Enumeration category CWE-79, a cross-site scripting weakness in which untrusted data is included in web pages without proper validation or encoding. The attack vector involves an attacker who can influence the indexed data or manipulate search parameters to inject malicious scripts that execute in the context of other users' browsers. The operational impact is significant because the vulnerability allows persistent XSS attacks: malicious scripts can be stored in the indexed content and executed whenever users view search results. Attackers could potentially steal session cookies, perform actions on behalf of users, redirect to malicious sites, or even execute arbitrary code within the browser context of authenticated users.
The vulnerability demonstrates a critical flaw in the TYPO3 extension's data handling methodology, specifically in its search indexing and rendering components. When the ke_search extension processes content for indexing, it fails to properly sanitize or encode data before it is displayed in search results, creating a persistent XSS attack surface. This issue affects not only basic search functionality but also any feature that relies on indexed content display, including faceted navigation, result lists, and metadata presentation. The exploitation requires minimal prerequisites since attackers only need to influence the content that gets indexed, which could be achieved through various means including content injection, database manipulation, or by compromising content management workflows.
Organizations using affected versions of the ke_search extension should immediately update to the patched release for their branch: 4.0.3, 4.6.6, or 5.0.2. The mitigation strategy involves implementing proper input validation and output encoding mechanisms for all indexed data before rendering it in search results. Security teams should also consider implementing web application firewalls with XSS detection capabilities and conducting thorough security reviews of all TYPO3 extensions to identify similar vulnerabilities. Additionally, regular monitoring of security advisories and maintaining up-to-date security patches for the TYPO3 CMS platform and all third-party extensions remains crucial for preventing exploitation. The vulnerability aligns with ATT&CK technique T1566.001 for initial access through malicious content, and T1059.001 for command and control through script execution, making it particularly dangerous in environments where users frequently interact with search functionalities.
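The affected ranges in the summary are not one contiguous interval (4.0.3 and later 4.0.x releases are fixed, while 4.1.0 through 4.6.5 are not), so a single "less than" comparison misclassifies installations. The following added example, which is not code from VulDB or the ke_search project, applies the three ranges to versions found in a Composer lock file; the `example-vendor` package prefix and the lock-file fragment are constructed placeholders.

```python
import json
import re

def parse_version(text):
    """Turn 'v4.6.5' or '4.6.5' into (4, 6, 5); missing parts count as 0."""
    m = re.match(r"v?(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p or 0) for p in m.groups())

def is_affected(version):
    """Apply the three affected ranges from the CVE-2023-35783 summary."""
    v = parse_version(version)
    if v < (4, 0, 3):
        return True                       # before 4.0.3
    if (4, 1, 0) <= v < (4, 6, 6):
        return True                       # 4.1.x through 4.6.x before 4.6.6
    if (5, 0, 0) <= v < (5, 0, 2):
        return True                       # 5.x before 5.0.2
    return False                          # 4.0.3+ on 4.0.x, 4.6.6+, 5.0.2+

def audit_lockfile(lock_text, ext_key="ke_search"):
    """Return [(package, version, affected)] for packages named */ext_key."""
    lock = json.loads(lock_text)
    hits = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            # Match on the extension key only; the vendor prefix is not
            # given on the page, so it is not assumed here.
            if pkg.get("name", "").split("/")[-1] == ext_key:
                hits.append((pkg["name"], pkg["version"],
                             is_affected(pkg["version"])))
    return hits

# Constructed composer.lock fragment; the vendor prefix is a placeholder.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "example-vendor/ke_search", "version": "4.6.5"},
        {"name": "example-vendor/other_ext", "version": "1.2.0"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    for name, version, affected in audit_lockfile(SAMPLE_LOCK):
        status = "AFFECTED" if affected else "not in an affected range"
        print(f"{name} {version}: {status}")
```

Non-numeric versions such as development branch aliases raise `ValueError` and need manual review.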