typo3/cms is a free open source Content Management Framework.
Affected versions of this package are vulnerable to Information Exposure. User session identifiers are stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack.
typo3/cms to version 11.1.1, 10.4.14, 9.5.25 or higher.