5 matches found
GHSA-657M-V5VM-F6RW Cross-Site-Request-Forgery in Backend
Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C 8.2 Problem It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The impact is the same as described i...
CVE-2021-41114
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate absolute URLs during the...
Input validation
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate absolute URLs during the...
CVE-2021-41114
TYPO3 CMS is vulnerable to host header spoofing due to improper validation of the HTTP Host header. The regression in TYPO3 v11 reintroduced the issue after a previously mitigated design (trustedHostsPattern) was not evaluated. The CVE-2021-41114 entry describes host spoofing during frontend rend...
Cross-Site-Request-Forgery in Backend URI Handling
It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery...