Lucene search
K

6 matches found

Cvelist
Cvelist
added 2025/01/14 7:55 p.m.16 views

CVE-2024-55920 Cross-Site Request Forgery in Dashboard Module in TYPO3

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...

4.3CVSS0.00188EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/14 7:55 p.m.14 views

CVE-2024-55920 Cross-Site Request Forgery in Dashboard Module in TYPO3

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstrea...

4.3CVSS7.1AI score0.00188EPSS
Exploits0References2
CVE
CVE
added 2025/01/14 7:55 p.m.63 views

CVE-2024-55920

CVE-2024-55920 affects TYPO3 and specifically the backend Dashboard Module . The issue is a CSRF in deep-link handling plus improper use of HTTP GET for state-changing actions. Exploitation requires an active backend session and a user-initiated visit to a malicious URL, typically via phishing, w...

4.3CVSS4.7AI score0.00188EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2025/01/14 3:25 p.m.19 views

TYPO3 Cross-Site Request Forgery in Dashboard Module

Problem A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP...

4.3CVSS4.5AI score0.00188EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2025/01/14 3:25 p.m.5 views

Exposed Dangerous Method or Function

Overview Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the backend user interface functionality involving deep links. An attacker can manipulate the victim's dashboard configuration by deceiving the victim into interacting with a malicious URL while...

5.1CVSS6.9AI score0.00188EPSS
Exploits0References2
OSV
OSV
added 2025/01/14 3:25 p.m.9 views

GHSA-QWX7-39PW-2MHR TYPO3 Cross-Site Request Forgery in Dashboard Module

Problem A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery CSRF. Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP...

4.3CVSS4.6AI score0.00188EPSS
Exploits0References5
Rows per page
Query Builder