14 matches found
EUVD-2022-1250
Malicious code in bioql PyPI...
CVE-2022-24980
An issue was discovered in the Kitodo.Presentation aka dlf extension before 2.3.2, 3.x before 3.2.3, and 3.3.x before 3.3.4 for TYPO3. A missing access check in an eID script allows an unauthenticated user to submit arbitrary URLs to this component. This results in SSRF, allowing attackers to vie...
GHSA-X832-R2RJ-4G5P SSRF in Kitodo.Presentation
An issue was discovered in the Kitodo.Presentation aka dlf extension before 2.3.2, 3.x before 3.2.3, and 3.3.x before 3.3.4 for TYPO3. A missing access check in an eID script allows an unauthenticated user to submit arbitrary URLs to this component. This results in SSRF, allowing attackers to vie...
SSRF in Kitodo.Presentation
An issue was discovered in the Kitodo.Presentation aka dlf extension before 2.3.2, 3.x before 3.2.3, and 3.3.x before 3.3.4 for TYPO3. A missing access check in an eID script allows an unauthenticated user to submit arbitrary URLs to this component. This results in SSRF, allowing attackers to vie...
CVE-2022-24980
An issue was discovered in the Kitodo.Presentation aka dlf extension before 2.3.2, 3.x before 3.2.3, and 3.3.x before 3.3.4 for TYPO3. A missing access check in an eID script allows an unauthenticated user to submit arbitrary URLs to this component. This results in SSRF, allowing attackers to vie...
CVE-2022-24980
An issue was discovered in the Kitodo.Presentation aka dlf extension before 2.3.2, 3.x before 3.2.3, and 3.3.x before 3.3.4 for TYPO3. A missing access check in an eID script allows an unauthenticated user to submit arbitrary URLs to this component. This results in SSRF, allowing attackers to vie...
Design/Logic Flaw
An issue was discovered in the Kitodo.Presentation aka dlf extension before 2.3.2, 3.x before 3.2.3, and 3.3.x before 3.3.4 for TYPO3. A missing access check in an eID script allows an unauthenticated user to submit arbitrary URLs to this component. This results in SSRF, allowing attackers to vie...
CVE-2022-24980
The CVE-2022-24980 issue affects Kitodo.Presentation (dlf) in TYPO3 before 2.3.2, 3.x before 3.2.3, and 3.3.x before 3.3.4, where a missing access check in an eID script allows an unauthenticated user to submit arbitrary URLs. This enables server-side request forgery (SSRF), letting an attacker v...
Server-side request forgery in extension "Kitodo.Presentation" (dlf)
A missing access check in an eID script of the extension allows an unauthenticated user to submit arbitrary URLs to this component. This results in Server-side request forgery allowing users to view the content of any file or webpage the webserver has access to...
GHSA-FPQV-X9HM-35J9 Cross-site Scripting vulnerability in Kitodo.Presentation
Impact: Kitodo.Presentation fails to properly encode URL parameters for output in HTML, making it vulnerable to Cross-Site Scripting (XSS). Only sites using the ListView, Navigation or PageView plugins are affected. It also includes jQuery 3.4.1, which is known to be vulnerable against Cross Site...
Cross-site Scripting vulnerability in Kitodo.Presentation
Impact: Kitodo.Presentation fails to properly encode URL parameters for output in HTML, making it vulnerable to Cross-Site Scripting (XSS). Only sites using the ListView, Navigation or PageView plugins are affected. It also includes jQuery 3.4.1, which is known to be vulnerable against Cross Site...
CVE-2020-16095
The dlf aka Kitodo.Presentation extension before 3.1.2 for TYPO3 allows XSS...
Cross site scripting
The dlf aka Kitodo.Presentation extension before 3.1.2 for TYPO3 allows XSS...
Cross-Site Scripting in extension "Kitodo.Presentation" (dlf)
The extension fails to properly encode user input for output in an HTML context. In addition, the extension also includes jQuery 3.4.1, which is known to be vulnerable against Cross Site Scripting...