2 matches found
Information disclosure
The routes aka Extbase Yaml Routes extension before 2.1.1 for TYPO3, when CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a session identifier is unsafely present in HTML output...
CVE-2021-36793
The CVE-2021-36793 issue affects TYPO3's Extbase Yaml Routes extension (pre-2.1.1). When CsrfTokenViewHelper is used, a session identifier is unsafely present in HTML output, enabling information disclosure. The vulnerability is documented with NVD metrics: CVSS v3.1 base score 7.5 (HIGH) and CVS...