XML External Entity (XXE) Processing in TYPO3 Core

2024-06-0414:47:00

Google

osv.dev

xml processing

typo3 cms

xee processing

denial of service

owasp

6.9 Medium

AI Score

Confidence

High

JSON

All XML processing within the TYPO3 CMS are vulnerable to XEE processing. This can lead to load internal and/or external (file) content within an XML structure. Furthermore it is possible to inject arbitrary files for an XML Denial of Service attack. For more information on that topic see https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing.

CPENameOperatorVersion
typo3/cmseq6.2.10-rc1
typo3/cmseq6.2.6
typo3/cmseq6.2.17
typo3/cmseq7.6.0
typo3/cmseq6.2.13
typo3/cmseq7.6.3
typo3/cmseq6.2.15
typo3/cmseq6.2.1
typo3/cmseq6.2.7
typo3/cmseq6.2.0

Name	Operator	Version
typo3/cms	eq	6.2.10-rc1
typo3/cms	eq	6.2.6
typo3/cms	eq	6.2.17
typo3/cms	eq	7.6.0
typo3/cms	eq	6.2.13
typo3/cms	eq	7.6.3
typo3/cms	eq	6.2.15
typo3/cms	eq	6.2.1
typo3/cms	eq	6.2.7
typo3/cms	eq	6.2.0

Rows per page:

1-10 of 241

References

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2016-02-23-1.yaml

typo3.org/security/advisory/typo3-core-sa-2016-005

6.9 Medium

AI Score

Confidence

High

JSON