Lucene search
K

6 matches found

OSV
OSV
added 2024/03/06 11:10 a.m.23 views

BIT-TYPO3-2021-41113

TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The impact is the same as...

8.8CVSS8.4AI score0.00619EPSS
Exploits0References3
OSV
OSV
added 2021/10/05 8:23 p.m.20 views

GHSA-657M-V5VM-F6RW Cross-Site-Request-Forgery in Backend

Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 8.2 Problem It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The impact is the same as described i...

8.8CVSS8.4AI score0.00699EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2021/10/05 8:23 p.m.36 views

Cross-Site-Request-Forgery in Backend

Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 8.2 Problem It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The impact is the same as described i...

8.8CVSS2.1AI score0.00619EPSS
Exploits0References9Affected Software2
Prion
Prion
added 2021/10/05 6:15 p.m.26 views

Cross site request forgery (csrf)

TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The impact is the same as...

6.8CVSS8.5AI score0.00699EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/07/13 12:0 a.m.42 views

TYPO3 9.x < 9.5.17 / 10.x < 10.4.2 Multiple Vulnerabilities

The version of TYPO3 installed on the remote host is 9.x prior to 9.5.17 or 10.x prior to 10.4.2. It is, therefore, affected by multiple vulnerabilities: - A cross-site scripting XSS vulnerability exists in Typo3's form engine component due to improper validation of user-supplied input before...

10CVSS7.2AI score0.0199EPSS
Exploits0References8
CVE
CVE
added 2020/05/13 11:35 p.m.156 views

CVE-2020-11069

CVE-2020-11069 affects TYPO3 CMS 9.0.0–9.5.16 and 10.0.0–10.4.1. The issue is a same-site CSRF triggered by an XSS vulnerability in the backend UI/install tool, allowing a malicious payload uploaded to the server to execute in the victim’s session. In the worst case, an attacker could create new ...

8.8CVSS8.2AI score0.00699EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder