CVSS3: 5.3 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score: 6.9 Medium (Confidence: High)
EPSS: 0.001 Low (Percentile: 23.7%)
TYPO3 is an open source PHP-based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters `id` and `L` allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site by adding handcrafted query parameters to the URL of a site that was publicly available. TYPO3 versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4 fix the problem.
CPE

Name | Operator | Version |
---|---|---|
typo3 | eq | 11.3.0 |
typo3 | eq | 8.5.0 |
typo3 | eq | 11.5.3 |
typo3 | eq | 10.4.0 |
typo3 | eq | TYPO3_7-3-0 |
typo3 | eq | TYPO3_8-0-0 |
typo3 | eq | TYPO3_6-2-0beta2 |
typo3 | eq | TYPO3_6-1-0rc1 |
typo3 | eq | 11.5.2 |
typo3 | eq | 7.6.1 |