TYPO3 is susceptible to Cross-Site Flashing

2024-06-0314:39:16

Google

osv.dev

typo3

vulnerability

cross-site flashing

flashplayer validation

external domains

software

7.1 High

AI Score

Confidence

Low

JSON

The flashplayer misses to validate flash and image files. Therefore it is possible to embed flash videos from external domains.

CPENameOperatorVersion
typo3/cmseq6.2.10-rc1
typo3/cmseq6.2.15
typo3/cmseq6.2.0
typo3/cmseq6.2.4
typo3/cmseq6.2.6
typo3/cmseq6.2.9
typo3/cmseq6.2.14
typo3/cmseq6.2.11
typo3/cmseq6.2.13
typo3/cmseq6.2.5

Name	Operator	Version
typo3/cms	eq	6.2.10-rc1
typo3/cms	eq	6.2.15
typo3/cms	eq	6.2.0
typo3/cms	eq	6.2.4
typo3/cms	eq	6.2.6
typo3/cms	eq	6.2.9
typo3/cms	eq	6.2.14
typo3/cms	eq	6.2.11
typo3/cms	eq	6.2.13
typo3/cms	eq	6.2.5

Rows per page:

1-10 of 171

References

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-12-15-4.yaml

github.com/TYPO3/typo3

typo3.org/security/advisory/typo3-core-sa-2015-014

typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-014

7.1 High

AI Score

Confidence

Low

JSON