6 matches found
CSRF token exposure in TYPO3 extension
When the CsrfTokenViewHelper is used, the extension discloses the user's session identifier in HTML output without applying additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly; it occurs in combination with a chained attack, for instance Cross Site...
CVE-2021-36793
The routes aka Extbase Yaml Routes extension before 2.1.1 for TYPO3, when CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a session identifier is unsafely present in HTML output...
CVE-2021-36793
The routes aka Extbase Yaml Routes extension before 2.1.1 for TYPO3, when CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a session identifier is unsafely present in HTML output...
CVE-2021-36793
The CVE-2021-36793 issue affects TYPO3's Extbase Yaml Routes extension (pre-2.1.1). When CsrfTokenViewHelper is used, a session identifier is unsafely present in HTML output, enabling information disclosure. The vulnerability is documented with NVD metrics: CVSS v3.1 base score 7.5 (HIGH) and CVS...
CVE-2021-36793
The routes aka Extbase Yaml Routes extension before 2.1.1 for TYPO3, when CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a session identifier is unsafely present in HTML output...
Sensitive Information Disclosure in “Extbase Yaml Routes” (routes)
When the CsrfTokenViewHelper is used, the extension discloses the user's session identifier in HTML output without applying additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly; it occurs in combination with a chained attack, for instance Cross Site...