OSV: GHSA-HWW5-6X85-MC24
Jun 05, 2024 - 5:19 p.m.

Typo3 Arbitrary Code Execution and Cross-Site Scripting in Backend API

2024-06-05 17:19:26
Google
osv.dev
typo3
backend api
arbitrary code execution
cross-site scripting
tsconfig
directory traversal
backend user account

AI Score: 7.6 High (Confidence: High)

Backend API configuration using Page TSconfig is vulnerable to arbitrary code execution and cross-site scripting. TSconfig fields of page properties in backend forms can be used to inject malicious sequences. The field tsconfig_includes is vulnerable to directory traversal, leading to the same scenarios as having direct access to TSconfig settings.

A valid backend user account with access to modify values for the fields pages.TSconfig and pages.tsconfig_includes is needed in order to exploit this vulnerability.
