6 matches found

OSV
added 2023/02/08 9:33 p.m., 38 views

GHSA-R4F8-F93X-5QH3 TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering

CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:F/RL:O/RC:C 8.2
Problem: TYPO3 core component GeneralUtility::getIndpEnv uses the unfiltered server environment variable PATH_INFO, which allows attackers to inject malicious content. In combination with the TypoScript setting...

CVSS: 8.8, AI score: 7, EPSS: 0.00867
Exploits: 1, References: 10
NVD
added 2023/02/07 7:15 p.m., 15 views

CVE-2023-24814

TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component GeneralUtility::getIndpEnv uses the unfiltered server environment variable PATH_INFO, which allows attackers to inject malicious content. In...

CVSS: 8.8, AI score: 8.3, EPSS: 0.00867
Exploits: 1, References: 7
Prion
added 2023/02/07 7:15 p.m., 9 views

Cross site scripting

TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component GeneralUtility::getIndpEnv uses the unfiltered server environment variable PATH_INFO, which allows attackers to inject malicious content. In...

CVSS: 5.8, AI score: 6, EPSS: 0.00867
Exploits: 1, References: 7, Affected Software: 1
Positive Technologies
added 2023/02/07 12:0 a.m., 1 view

PT-2023-1502 · Typo3 +1

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 8.7.51 ELTS; TYPO3 versions prior to 9.5.40 ELTS; TYPO3 versions prior to 10.4.35 LTS; TYPO3 versions prior to 11.5.23 LTS; TYPO3 versions prior to 12.2.0
Description: The TYPO3 core component GeneralUtility::getIndpEnv us...

CVSS: 8.8, AI score: 6.8, EPSS: 0.00867
Exploits: 1, References: 17
OSV
added 2022/05/17 4:18 a.m., 25 views

GHSA-5479-GQQR-F9GJ Typo3 Vulnerable to Cache Poisoning

Problem Description: A request URL with arbitrary arguments, but still pointing to the home page of a TYPO3 installation can be cached if the configuration option config.prefixLocalAnchors is used with the values "all" or "cached". The impact of this vulnerability is that unfamiliar looking links...

CVSS: 7.5, AI score: 6.3, EPSS: 0.00633
Exploits: 1, References: 2
Github Security Blog
added 2022/05/17 3:45 a.m., 28 views

Typo3 Open Redirect In Frontend Rendering

The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, allows remote attackers to change URLs to arbitrary domains. An attacker could forge a request which modifies anchor only links on the homepage of a TYPO3 installation such that...

CVSS: 4.3, AI score: 6.9, EPSS: 0.00289
Exploits: 1, References: 6, Affected Software: 1