The flaw has been patched in 7.6.58, 8.7.48, 9.5.37, 10.4.32, and 11.5.16 of typo3/cms-core. All prior versions on these release lines are affected. As user interaction is required, the bug is classified as moderate severity (CVSS score of 6.1).