It has been discovered that cookies created in the Install Tool are not hardened to be submitted only via HTTP. In combination with other vulnerabilities, such as cross-site scripting, this can lead to hijacking an active and valid session in the Install Tool.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | typo3/cms-core | lt | 7.6.32 |
| | typo3/cms-core | lt | 9.5.2 |
| | typo3/cms-core | lt | 8.7.21 |
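
One way to check a deployment for the cookie weakness described above, as an added example that is not part of the advisory or of TYPO3's code. It assumes "submitted only via HTTP" refers to the `HttpOnly` cookie attribute, which keeps a cookie out of reach of `document.cookie`; the header lines and cookie names are constructed placeholders, not the names TYPO3 uses.

```python
"""Audit raw response headers for cookies set without HttpOnly (added example)."""


def parse_set_cookie(value):
    """Split one Set-Cookie header value into (cookie name, attributes dict).

    Attribute names are case-insensitive, so they are lowercased.
    Flag attributes such as HttpOnly and Secure map to True.
    """
    parts = [p.strip() for p in value.split(";")]
    name, _, _ = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return name.strip(), attrs


def cookies_missing_httponly(header_lines):
    """Return the names of cookies that a response sets without HttpOnly."""
    missing = []
    for line in header_lines:
        field, sep, value = line.partition(":")
        # Skip the status line and every header other than Set-Cookie.
        if not sep or field.strip().lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if "httponly" not in attrs:
            missing.append(name)
    return missing


# Constructed sample response headers (placeholder cookie names and values).
SAMPLE_HEADERS = [
    "HTTP/1.1 200 OK",
    "Content-Type: text/html; charset=utf-8",
    "Set-Cookie: example_install_session=3f9a; path=/",
    "Set-Cookie: example_backend_session=77c1; Path=/; Secure; HttpOnly",
    "set-cookie: example_pref=dark; Path=/; httponly; SameSite=Strict",
]

if __name__ == "__main__":
    for cookie in cookies_missing_httponly(SAMPLE_HEADERS):
        print(f"cookie {cookie!r} is readable from JavaScript (no HttpOnly)")
```

Run it against headers captured from your own instance before and after upgrading past the versions listed in the table; a session cookie that still appears in the output remains exposed to script access.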