Lucene search
K

5 matches found

OSV
OSV
added 2021/10/05 8:23 p.m.20 views

GHSA-657M-V5VM-F6RW Cross-Site-Request-Forgery in Backend

Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 8.2 Problem It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The impact is the same as described i...

8.8CVSS8.4AI score0.00699EPSS
Exploits0References9
NVD
NVD
added 2021/10/05 6:15 p.m.30 views

CVE-2021-41114

TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate absolute URLs during the...

5.3CVSS0.0116EPSS
Exploits0References3
Prion
Prion
added 2021/10/05 6:15 p.m.31 views

Input validation

TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate absolute URLs during the...

5CVSS5AI score0.02662EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2021/10/05 5:15 p.m.79 views

CVE-2021-41114

TYPO3 CMS is vulnerable to host header spoofing due to improper validation of the HTTP Host header. The regression in TYPO3 v11 reintroduced the issue after a previously mitigated design (trustedHostsPattern) was not evaluated. The CVE-2021-41114 entry describes host spoofing during frontend rend...

5.3CVSS4.9AI score0.0116EPSS
Exploits0References3Affected Software1
Typo3
Typo3
added 2021/10/05 12:0 a.m.41 views

Cross-Site-Request-Forgery in Backend URI Handling

It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery...

6.8CVSS2.6AI score0.00699EPSS
Exploits0Affected Software1
Rows per page
Query Builder