4 matches found
EUVD-2021-2116
Malware in sbrugna...
CVE-2021-36793
The routes aka Extbase Yaml Routes extension before 2.1.1 for TYPO3, when CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a session identifier is unsafely present in HTML output...
CVE-2021-36793
The routes aka Extbase Yaml Routes extension before 2.1.1 for TYPO3, when CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a session identifier is unsafely present in HTML output...
Sensitive Information Disclosure in “Extbase Yaml Routes” (routes)
When using the CsrfTokenViewHelper the extension discloses the user's session identifier to HTML output without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance Cross Site...