Lucene search
GoogleOSV:CVE-2020-26229HistoryNov 23, 2020 - 10:15 p.m.
CVE-2020-26229
2020-11-2322:15:12
Google
osv.dev
6
typo3
rss widget
xml external entity
vulnerability
php
update
TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually reproduce the vulnerability with current PHP versions of supported and maintained system distributions. At least with libxml2 version 2.9, the processing of XML external entities is disabled per default - and cannot be exploited. Besides that, a valid backend user account is needed. Update to TYPO3 version 10.4.10 to fix the problem described.
Related
openvas
openvas
TYPO3 XXE Vulnerability (TYPO3-CORE-SA-2020-012)
2021-05-17 00:00:00
cvelist
cvelist
CVE-2020-26229 XML External Entity in Dashboard Widget
2020-11-23 21:15:18
nvd
nvd
CVE-2020-26229
2020-11-23 22:15:12
cve
cve
CVE-2020-26229
2020-11-23 22:15:12
github
github
XML External Entity in Dashboard Widget
2020-11-23 21:18:44
osv
osv
BIT-typo3-2020-26229
2024-03-06 11:11:29
XML External Entity in Dashboard Widget
2020-11-23 21:18:44
friendsofphp
friendsofphp
TYPO3-CORE-SA-2020-012: XML External Entity in Dashboard Widget
2020-11-17 08:51:21
TYPO3-CORE-SA-2020-012: XML External Entity in Dashboard Widget
2020-11-17 08:51:21
veracode
veracode
XML External Entity (XXE)
2020-11-24 05:49:35
prion
prion
Xxe
2020-11-23 22:15:00
typo3
typo3
XML External Entity in Dashboard Widget
2020-11-17 00:00:00