2 matches found
CVE-2020-26229 XML External Entity in Dashboard Widget
TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually reproduce the...
CVE-2020-26229
TYPO3 RSS widgets (Dashboard) are affected by an XML External Entity (XXE) issue in TYPO3 10.4.0–10.4.9, enabling XXE processing due to vulnerable XML handling. The issue is considered low risk/limited impact and notable for requiring a backend user account; no public exploitation details are pro...