11 matches found
EUVD-2026-35394
TYPO3 CMS has an Open Redirect Vulnerability via Core Utilities...
CVE-2026-47347
Applications that use GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to open redirect attacks if the URL is used after it has passed the aforementioned sanitization checks. This enables attackers to redirect users to external content and carry out phishing attacks. This...
CVE-2025-59013
An open‑redirect vulnerability in GeneralUtility::sanitizeLocalUrl of TYPO3 CMS 9.0.0–9.5.54, 10.0.0–10.4.53, 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 allows an attacker to redirect users to arbitrary external sites, enabling phishing attacks by supplying a manipulated, sanitized URL...
CVE-2025-59013 Open Redirect in TYPO3 CMS
An open‑redirect vulnerability in GeneralUtility::sanitizeLocalUrl of TYPO3 CMS 9.0.0–9.5.54, 10.0.0–10.4.53, 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 allows an attacker to redirect users to arbitrary external sites, enabling phishing attacks by supplying a manipulated, sanitized URL...
CVE-2025-59013
TYPO3 CMS has an open‑redirect vulnerability in GeneralUtility::sanitizeLocalUrl affecting TYPO3 versions 9.0.0–9.5.54, 10.0.0–10.4.53, 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17. The issue allows redirecting users to arbitrary external sites via a manipulated, sanitized URL, enabling phi...
TYPO3 CMS Security Vulnerability
TYPO3 CMS is an open-source content management system from TYPO3. A security vulnerability exists in TYPO3 CMS, which stems from an open redirect in GeneralUtility::sanitizeLocalUrl that could lead to a phishing attack. The following versions are affected: 9.5.54 and earlier, 10.4.53 and earlie...
TYPO3 cross-site scripting (XSS)
The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter to showrechis.php and...
GHSA-989H-WV8X-933P TYPO3 cross-site scripting (XSS)
The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter to showrechis.php and...
Typo3 CMS SanitizeLocalUrl Cross-Site Scripting (CVE-2015-5956)
A cross-site scripting vulnerability has been reported in Typo3 CMS. The vulnerability is due to the sanitizeLocalUrl function incorrectly validating the returnUrl and redirecturl HTTP request parameters. A remote attacker can exploit this vulnerability by enticing a user to open a specially...
Typo3 CMS 6.2.14 / 4.5.40 Cross Site Scripting Vulnerability
Typo3 CMS versions 6.2.14 and below and 4.5.40 and below suffer from a cross site scripting vulnerability. Typo3 Core sanitizeLocalUrl Non-Persistent Cross-Site Scripting 1. DETAILS ---------- Product: Typo3 CMS Vendor URL: typo3.org Type: Cross-site Scripting [CWE-79] Date found: 2015-07-30 Date...
Typo3 CMS 6.2.14 / 4.5.40 Cross Site Scripting
secunet Security Networks AG Security Advisory Advisory: Typo3 Core sanitizeLocalUrl Non-Persistent Cross-Site Scripting 1. DETAILS ---------- Product: Typo3 CMS Vendor URL: typo3.org Type: Cross-site Scripting [CWE-79] Date found: 2015-07-30 Date published: 2015-09-14 CVSSv2 Score: 3,5...