Lucene search
+L

64 matches found

snyk
snyk
added 2025/01/14 3:40 p.m.5 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the backend user interface functionality involving deep links. An attacker can manipulate the session and perform unauthorized actions. Note: This is only exploitable if the...

8.8CVSS7AI score0.00352EPSS
Exploits0References2
osv
osv
added 2025/01/14 3:40 p.m.13 views

GHSA-4G52-PQ8J-6QV5 TYPO3 Extension Manager Module vulnerable to Cross-Site Request Forgery

Problem A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP...

7.5CVSS8AI score0.00352EPSS
Exploits0References5
snyk
snyk
added 2025/01/14 3:25 p.m.5 views

Exposed Dangerous Method or Function

Overview Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the backend user interface functionality involving deep links. An attacker can manipulate the victim's dashboard configuration by deceiving the victim into interacting with a malicious URL while...

5.1CVSS6.9AI score0.00188EPSS
Exploits0References2
github
github
added 2025/01/14 3:25 p.m.20 views

TYPO3 Cross-Site Request Forgery in Dashboard Module

Problem A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP...

4.3CVSS4.5AI score0.00188EPSS
Exploits0References5Affected Software1
osv
osv
added 2025/01/14 3:24 p.m.9 views

GHSA-CJFR-9F5R-3Q93 TYPO3 Cross-Site Request Forgery in Log Module

Problem A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP...

4.3CVSS4.5AI score0.00235EPSS
Exploits0References7
osv
osv
added 2024/10/08 10:18 p.m.37 views

GHSA-FFCV-V6PW-QHRP Denial of Service in TYPO3 Bookmark Toolbar

Problem Due to insufficient input validation, manipulated data saved in the bookmark toolbar of the backend user interface causes a general error state, blocking further access to the interface. Exploiting this vulnerability requires an administrator-level backend user account. Solution Update to...

5.1CVSS5AI score0.00684EPSS
Exploits1References5
github
github
added 2024/10/08 10:18 p.m.14 views

Denial of Service in TYPO3 Bookmark Toolbar

Problem Due to insufficient input validation, manipulated data saved in the bookmark toolbar of the backend user interface causes a general error state, blocking further access to the interface. Exploiting this vulnerability requires an administrator-level backend user account. Solution Update to...

4.9CVSS6.5AI score0.00684EPSS
Exploits1References5Affected Software1
osv
osv
added 2024/06/05 5:10 p.m.7 views

GHSA-Q9C4-9V5M-597P Typo3 Information Disclosure in Backend User Interface

The element information component used to display properties of a certain record is susceptible to information disclosure. The list of references from or to the record is not properly checked for the backend user’s permissions. A valid backend user account is needed in order to exploit this...

6.7AI score
Exploits0References3
osv
osv
added 2024/05/30 6:19 p.m.12 views

GHSA-RV8R-8MH5-5376 TYPO3 Information Disclosure in Backend User Interface

The element information component used to display properties of a certain record is susceptible to information disclosure. The list of references from or to the record is not properly checked for the backend user’s permissions. A valid backend user account is needed in order to exploit this...

5.4CVSS6.7AI score
Exploits0References3
github
github
added 2024/05/30 6:19 p.m.10 views

TYPO3 Information Disclosure in Backend User Interface

The element information component used to display properties of a certain record is susceptible to information disclosure. The list of references from or to the record is not properly checked for the backend user’s permissions. A valid backend user account is needed in order to exploit this...

6.7AI score
Exploits0References3Affected Software1
osv
osv
added 2024/02/13 10:19 p.m.7 views

CVE-2024-25118 Information Disclosure of Hashed Passwords in TYPO3 Backend Forms

TYPO3 is an open source PHP based web content management system released under the GNU GPL. Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this...

4.3CVSS5.3AI score0.0056EPSS
Exploits0References4
nvd
nvd
added 2024/02/07 6:15 p.m.38 views

CVE-2024-24822

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually...

9.1CVSS7AI score0.00544EPSS
Exploits0References3
nvd
nvd
added 2024/01/24 8:15 p.m.36 views

CVE-2024-23646

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The application allows users to create zip files from available files on the site. In the 1.x branch prior to version 1.3.2, parameter selectedIds is susceptible to SQL Injection. Any backend user with very basic...

8.8CVSS9.2AI score0.00755EPSS
Exploits1References5
osv
osv
added 2021/08/19 3:53 p.m.26 views

GHSA-C5C9-8C6M-727V Cross-Site Scripting via Rich-Text Content

Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC 5.7 Problem Failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via...

6.1CVSS5.9AI score0.00727EPSS
Exploits0References6
github
github
added 2021/08/19 3:53 p.m.51 views

Cross-Site Scripting via Rich-Text Content

Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC 5.7 Problem Failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via...

6.1CVSS1.1AI score0.00727EPSS
Exploits0References7Affected Software2
typo3
typo3
added 2020/11/17 12:0 a.m.32 views

Protecting Install Tool with Sudo Mode

When the system maintainer concept was introduced with TYPO3 v9.0.0 the necessity of having to enter a password when accessing the Install Tool via backend user interface was removed...

7AI score
Exploits0Affected Software1
cnvd
cnvd
added 2020/07/30 12:0 a.m.10 views

TYPO3 Backend User Interface component code issue vulnerability (CNVD-2021-26155)

TYPO3 is a free and open source content management system framework CMS/CMF from the TYPO3 Association in Switzerland.Backend User Interface is one of the backend user interface components. A code issue vulnerability exists in the Backend User Interface component in TYPO3 versions 9.0.0 through...

8.8CVSS6.7AI score0.02229EPSS
Exploits0References1
cvelist
cvelist
added 2020/05/13 11:35 p.m.44 views

CVE-2020-11069 Cross-Site Request Forgery in TYPO3 CMS

In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that the backend user interface and install tool are vulnerable to a same-site request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously managed to upload to...

8CVSS8.6AI score0.00699EPSS
Exploits0References1
friendsofphp
friendsofphp
added 2020/05/12 9:21 a.m.20 views

TYPO3-CORE-SA-2020-006: Same-Site Request Forgery to Backend User Interface

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-006...

8.8CVSS7.2AI score0.00699EPSS
Exploits0Affected Software1
typo3
typo3
added 2020/05/12 12:0 a.m.21 views

Same-Origin Request Forgery to Backend User Interface

It has been discovered that the backend user interface and install tool are vulnerable to same-origin request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously managed to upload to the web server - scripts are then executed with the privilege...

6.8CVSS2.9AI score0.00699EPSS
Exploits0Affected Software1
Rows per page
Query Builder