6 matches found
BIT-TYPO3-2021-41113
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The impact is the same as...
GHSA-657M-V5VM-F6RW Cross-Site-Request-Forgery in Backend
Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 8.2 Problem It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The impact is the same as described i...
Cross-Site-Request-Forgery in Backend
Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 8.2 Problem It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The impact is the same as described i...
Cross site request forgery (csrf)
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The impact is the same as...
TYPO3 9.x < 9.5.17 / 10.x < 10.4.2 Multiple Vulnerabilities
The version of TYPO3 installed on the remote host is 9.x prior to 9.5.17 or 10.x prior to 10.4.2. It is, therefore, affected by multiple vulnerabilities: - A cross-site scripting XSS vulnerability exists in Typo3's form engine component due to improper validation of user-supplied input before...
CVE-2020-11069
CVE-2020-11069 affects TYPO3 CMS 9.0.0–9.5.16 and 10.0.0–10.4.1. The issue is a same-site CSRF triggered by an XSS vulnerability in the backend UI/install tool, allowing a malicious payload uploaded to the server to execute in the victim’s session. In the worst case, an attacker could create new ...