6 matches found
CVE-2021-41113 Cross-Site-Request-Forgery in Backend URI Handling in TYPO3
TYPO3 is an open source PHP-based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The impact is the same as...
TYPO3-CORE-SA-2021-014: Cross-Site-Request-Forgery in Backend URI Handling
More info at https://typo3.org/security/advisory/typo3-core-sa-2021-014...
Design/Logic Flaw
Shopware before 5.5.8 has XSS via the Query String to the backend/Login or backend/Login/load/ URI...
CVE-2018-14978
An issue was discovered in QCMS 3.0.1. CSRF exists via the backend/user/admin/add.html URI...
CVE-2018-8069
QCMS version 3.0 has XSS via the webname parameter to the /backend/system.html URI...
CVE-2018-8069
QCMS 3.0 is affected by a cross-site scripting vulnerability: an attacker can inject arbitrary script via the webname parameter in the /backend/system.html URI. The issue is reported across multiple sources (NVD CVE-2018-8069 and Red Hat/CNVD entries). The root cause is improper handling/encoding...