11635 matches found

OSV
added 2025/01/14 8:0 p.m. | 8 views

CVE-2024-55893 TYPO3 Cross-Site Request Forgery in Log Module

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...

CVSS 4.3 | AI score 6.5 | EPSS 0.00235
Exploits: 0 | References: 7
Cvelist
added 2025/01/14 7:57 p.m. | 48 views

CVE-2024-55894 TYPO3 Cross-Site Request Forgery in Backend User Module

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...

CVSS 4.3 | EPSS 0.00235
Exploits: 0 | References: 5
CVE
added 2025/01/14 7:55 p.m. | 59 views

CVE-2024-55920

CVE-2024-55920 affects TYPO3 and specifically the backend Dashboard Module. The issue is a CSRF in deep-link handling plus improper use of HTTP GET for state-changing actions. Exploitation requires an active backend session and a user-initiated visit to a malicious URL, typically via phishing, w...

CVSS 4.3 | AI score 4.7 | EPSS 0.00188
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2025/01/14 7:36 p.m. | 59 views

CVE-2024-55921

Summary: CVE-2024-55921 affects TYPO3 via the Extension Manager Module, where a CSRF weakness in deep-link handling and improper acceptance of state-changing actions via HTTP GET can allow an attacker to abuse an active backend session through a malicious URL. Conditions that enable exploitation ...

CVSS 8.8 | AI score 8 | EPSS 0.00352
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2025/01/14 7:20 p.m. | 8 views

CVE-2024-55923 Cross-Site Request Forgery in Indexed Search Module in TYPO3

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...

CVSS 4.3 | AI score 4.7 | EPSS 0.00188
Exploits: 0 | References: 2
Cvelist
added 2025/01/14 7:20 p.m. | 13 views

CVE-2024-55923 Cross-Site Request Forgery in Indexed Search Module in TYPO3

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...

CVSS 4.3 | EPSS 0.00188
Exploits: 0 | References: 2
CVE
added 2025/01/14 7:20 p.m. | 55 views

CVE-2024-55923

CVE-2024-55923 describes a CSRF flaw in the TYPO3 backend deep-link functionality within the Indexed Search Module. The vulnerability can enable an attacker to delete items in the module when a logged-in backend user is tricked into visiting a malicious URL, under misconfigurations where the bac...

CVSS 4.3 | AI score 4.7 | EPSS 0.00188
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2025/01/14 7:14 p.m. | 7 views

CVE-2024-55945 Cross-Site Request Forgery in DB Check Module in TYPO3

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...

CVSS 4.3 | AI score 6.8 | EPSS 0.00218
Exploits: 0 | References: 2
Cvelist
added 2025/01/14 7:14 p.m. | 42 views

CVE-2024-55945 Cross-Site Request Forgery in DB Check Module in TYPO3

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...

CVSS 4.3 | EPSS 0.00218
Exploits: 0 | References: 2
Debian CVE
added 2025/01/14 5:37 p.m. | 10 views

CVE-2024-12086

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare wi...

CVSS 6.8 | AI score 8 | EPSS 0.01761
Exploits: 1
Snyk
added 2025/01/14 3:42 p.m. | 2 views

Exposed Dangerous Method or Function

Overview: typo3/cms-lowlevel is an Enables the 'Config' and 'DB Check' modules for technical analysis of the system. This includes raw database search, checking relations, counting pages and records etc. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via t...

CVSS 6.5 | AI score 6.9 | EPSS 0.00218
Exploits: 0 | References: 2
OSV
added 2025/01/14 3:40 p.m. | 10 views

GHSA-7R5Q-4QGX-V545 TYPO3 Indexed Search Module vulnerable to Cross-Site Request Forgery

Problem: A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP...

CVSS 4.3 | AI score 4.6 | EPSS 0.00188
Exploits: 0 | References: 5
Snyk
added 2025/01/14 3:40 p.m. | 4 views

Exposed Dangerous Method or Function

Overview: Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the backend user interface functionality involving deep links. An attacker can manipulate the state-changing actions and delete items by sending a crafted URL to a logged-in user. Note: This is...

CVSS 5.1 | AI score 6.9 | EPSS 0.00188
Exploits: 0 | References: 2
Snyk
added 2025/01/14 3:40 p.m. | 4 views

Exposed Dangerous Method or Function

Overview: typo3/cms-form is a Form Library, Plugin and Editor. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the backend user interface functionality involving deep links. An attacker can manipulate or delete persisted form definitions by deceiving a...

CVSS 5.4 | AI score 6.9 | EPSS 0.00183
Exploits: 0 | References: 2
OSV
added 2025/01/14 3:40 p.m. | 7 views

GHSA-WW7H-G2QF-7XV6 TYPO3 Form Framework Module vulnerable to Cross-Site Request Forgery

Problem: A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP...

CVSS 5.4 | AI score 5.5 | EPSS 0.00183
Exploits: 0 | References: 5
Snyk
added 2025/01/14 3:25 p.m. | 4 views

Exposed Dangerous Method or Function

Overview: Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the backend user interface functionality involving deep links. An attacker can manipulate the victim's dashboard configuration by deceiving the victim into interacting with a malicious URL while...

CVSS 5.1 | AI score 6.9 | EPSS 0.00188
Exploits: 0 | References: 2
Github Security Blog
added 2025/01/14 3:25 p.m. | 19 views

TYPO3 Cross-Site Request Forgery in Dashboard Module

Problem: A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP...

CVSS 4.3 | AI score 4.5 | EPSS 0.00188
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2025/01/14 3:25 p.m. | 8 views

GHSA-QWX7-39PW-2MHR TYPO3 Cross-Site Request Forgery in Dashboard Module

Problem: A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP...

CVSS 4.3 | AI score 4.6 | EPSS 0.00188
Exploits: 0 | References: 5
Snyk
added 2025/01/14 3:25 p.m. | 3 views

Exposed Dangerous Method or Function

Overview: Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the Backend User Module. An attacker can manipulate user actions by tricking a victim into visiting a malicious URL while logged into the backend. Note: This is only exploitable if...

CVSS 5.4 | AI score 6.9 | EPSS 0.00235
Exploits: 0 | References: 2
Cvelist
added 2025/01/14 12:0 a.m. | 19 views

CVE-2024-57761

An arbitrary file upload vulnerability in the parserXML method of JeeWMS before v2025.01.01 allows attackers to execute arbitrary code via uploading a crafted file...

EPSS 0.00473
Exploits: 1 | References: 1