9 matches found
CVE-2025-59013
An open‑redirect vulnerability in GeneralUtility::sanitizeLocalUrl of TYPO3 CMS 9.0.0–9.5.54, 10.0.0–10.4.53, 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 allows an attacker to redirect users to arbitrary external sites, enabling phishing attacks by supplying a manipulated, sanitized URL...
CVE-2025-59013
TYPO3 CMS has an open‑redirect vulnerability in GeneralUtility::sanitizeLocalUrl affecting TYPO3 versions 9.0.0–9.5.54, 10.0.0–10.4.53, 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17. The issue allows redirecting users to arbitrary external sites via a manipulated, sanitized URL, enabling phi...
CVE-2025-59013 Open Redirect in TYPO3 CMS
An open‑redirect vulnerability in GeneralUtility::sanitizeLocalUrl of TYPO3 CMS 9.0.0–9.5.54, 10.0.0–10.4.53, 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 allows an attacker to redirect users to arbitrary external sites, enabling phishing attacks by supplying a manipulated, sanitized URL...
TYPO3 CMS Security Vulnerability
TYPO3 CMS is a content management system from TYPO3 open source. A security vulnerability exists in TYPO3 CMS, which stems from an open redirection in GeneralUtility::sanitizeLocalUrl that could lead to a phishing attack. The following versions are affected: 9.5.54 and earlier, 10.4.53 and earlie...
TYPO3 cross-site scripting (XSS)
The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter to showrechis.php and...
GHSA-989H-WV8X-933P TYPO3 cross-site scripting (XSS)
The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter to showrechis.php and...
Typo3 CMS SanitizeLocalUrl Cross-Site Scripting (CVE-2015-5956)
A cross-site scripting vulnerability has been reported in Typo3 CMS. The vulnerability is due to the sanitizeLocalUrl function incorrectly validating the returnUrl and redirecturl HTTP request parameters. A remote attacker can exploit this vulnerability by enticing a user to open a specially...
Typo3 CMS 6.2.14 / 4.5.40 Cross Site Scripting Vulnerability
Typo3 CMS versions 6.2.14 and below and 4.5.40 and below suffer from a cross site scripting vulnerability. Typo3 Core sanitizeLocalUrl Non-Persistent Cross-Site Scripting 1. DETAILS ---------- Product: Typo3 CMS Vendor URL: typo3.org Type: Cross-site Scripting (CWE-79) Date found: 2015-07-30 Date...
Typo3 CMS 6.2.14 / 4.5.40 Cross Site Scripting
secunet Security Networks AG Security Advisory Advisory: Typo3 Core sanitizeLocalUrl Non-Persistent Cross-Site Scripting 1. DETAILS ---------- Product: Typo3 CMS Vendor URL: typo3.org Type: Cross-site Scripting (CWE-79) Date found: 2015-07-30 Date published: 2015-09-14 CVSSv2 Score: 3,5...