GitHub Advisory Database: GHSA-MXJF-HC9V-XGV2
Published: May 30, 2024, 8:00 p.m.

ExtJS JavaScript framework used in TYPO3 vulnerable to Cross-site Scripting

CWE-79
Source: GitHub Advisory Database (github.com)
Tags: extjs, typo3, cross-site scripting, http host-header, validation, host spoofing, absolute urls, 404 handling, http enforcement, password reset links, virtual hosts environment, blog post

AI Score: 7.2 High (confidence: High)

Because it fails to properly validate the HTTP Host header, TYPO3 CMS is susceptible to host spoofing. TYPO3 uses the Host header to generate absolute URLs in several places, such as 404 handling, http(s) enforcement, password reset links and many more. Since the Host header is supplied by the client, it can be forged to any value, even in a name-based virtual hosts environment: the web server's default (or first-listed) virtual host still answers requests whose Host value matches no configured name, so the forged value reaches the application unchanged. A blog post describes this problem in great detail.
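The following is an added example, not code from TYPO3 or from the advisory. It shows the mechanism in miniature: a password-reset link built from a client-supplied Host header lands on the attacker's domain with the reset token attached, while the hardened variant validates the host against an allowlist before embedding it. The request dictionaries are constructed samples standing in for $_SERVER values, the hostnames (www.example.org, evil.example) and the allowlist regex are assumptions for this example, and the allowlist is modelled on the trusted-hosts-pattern idea rather than taken from TYPO3's own code.

```python
import re
from urllib.parse import urlunsplit

# Constructed sample requests, not captures. They stand in for the
# $_SERVER values a PHP front end reads. In both cases the web server
# matched the www.example.org virtual host (SERVER_NAME), but HTTP_HOST
# is whatever the client put in the Host header.
FORGED_REQUEST = {
    "HTTP_HOST": "evil.example",       # attacker-controlled, forged
    "SERVER_NAME": "www.example.org",  # name the server actually matched
    "HTTPS": "on",
}

HONEST_REQUEST = {
    "HTTP_HOST": "www.example.org",
    "SERVER_NAME": "www.example.org",
    "HTTPS": "on",
}


def build_reset_link_vulnerable(server, token, path="/index.php"):
    """Build an absolute password-reset URL the way code that trusts
    HTTP_HOST does. With a forged Host header the link mailed to the
    victim points at the attacker's domain and carries the reset token."""
    scheme = "https" if server.get("HTTPS") == "on" else "http"
    return urlunsplit((scheme, server["HTTP_HOST"], path,
                       f"id=resetpw&token={token}", ""))


# Allowlist of hosts this installation legitimately serves. The concrete
# pattern is an assumption for this example; a deployment would list its
# own domains. An optional port is permitted because Host may carry one.
TRUSTED_HOSTS_PATTERN = re.compile(r"(www\.)?example\.org(:\d{1,5})?")


class UntrustedHostError(ValueError):
    """Raised when the Host header does not match the allowlist."""


def is_trusted_host(host, pattern=TRUSTED_HOSTS_PATTERN):
    """fullmatch() anchors both ends, so 'evil.example' and the suffix
    trick 'www.example.org.evil.example' both fail, while
    'www.example.org:8443' passes because of the port group."""
    return pattern.fullmatch(host) is not None


def build_reset_link_hardened(server, token, path="/index.php"):
    """Same link, but the host is validated before being embedded.
    Failing closed (an exception, which a real application would turn
    into an HTTP 400) beats silently falling back to a default, because
    a non-matching Host header is a signal worth logging."""
    host = server["HTTP_HOST"]
    if not is_trusted_host(host):
        raise UntrustedHostError(f"refusing to build URL for untrusted host {host!r}")
    scheme = "https" if server.get("HTTPS") == "on" else "http"
    return urlunsplit((scheme, host, path, f"id=resetpw&token={token}", ""))


if __name__ == "__main__":
    token = "c0nstructed-t0ken"
    print("vulnerable:", build_reset_link_vulnerable(FORGED_REQUEST, token))
    print("hardened  :", build_reset_link_hardened(HONEST_REQUEST, token))
    try:
        build_reset_link_hardened(FORGED_REQUEST, token)
    except UntrustedHostError as exc:
        print("hardened  :", exc)
```

To check a live installation for the same weakness, send a request with an arbitrary Host header (for example with curl's -H option) to a page that emits absolute URLs, such as a 404 page or an HTTPS redirect, and inspect whether the forged host appears in the Location header or the page body. Any occurrence means client-controlled input is being used to build links.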

Affected configurations (Vulners)

typo3cms_poll_system_extension < 4.5.34
OR typo3cms_poll_system_extension < 4.7.19
OR typo3cms_poll_system_extension < 6.1.9
OR typo3cms_poll_system_extension < 6.2.3
