14 matches found
EUVD-2015-2909
Malware in sbrugna...
Cross-site Scripting (XSS)
Typo3/Neos is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper handling of user input, allowing attackers to tamper with page rendering, redirect victims, capture credentials, and potentially upload backdoors...
Sensitive Information Disclosure
Typo3/Neos is vulnerable to Sensitive Information Disclosure. The vulnerability is due to internal workspaces being accessible without authentication, which was mistakenly assumed to be a feature...
typo3 Information Disclosure Security Note
Due to reports it has been validated that internal workspaces in Neos are accessible without authentication. Some users assumed this is a planned feature but it is not. A workspace preview should be an additional feature with respective security measures in place. Note that this only allows readi...
GHSA-WR3C-6C22-M9V6 Privilege Escalation in TYPO3 Neos
It has been discovered that TYPO3 Neos is vulnerable to Privilege Escalation. Logged in editors could access, create and modify content nodes that exist in the workspace of other editors...
Privilege Escalation in TYPO3 Neos
It has been discovered that TYPO3 Neos is vulnerable to Privilege Escalation. Logged in editors could access, create and modify content nodes that exist in the workspace of other editors...
GHSA-43CF-7F3H-38RG Privilege Escalation in TYPO3 Neos
It has been discovered that TYPO3 Neos is vulnerable to Privilege Escalation. Logged in editors could access, create and modify content nodes that exist in the workspace of other editors...
PT-2024-40059 · Typo3 · Typo3 Neos
Name of the Vulnerable Software and Affected Versions: TYPO3 Neos affected versions not specified Description: A privilege escalation issue has been discovered, allowing logged-in editors to access, create, and modify content nodes that exist in the workspace of other editors. Recommendations: At...
CVE-2015-2821
TYPO3 Neos 1.1.x before 1.1.3 and 1.2.x before 1.2.3 allows remote editors to access, create, and modify content nodes in the workspace of other editors via unspecified vectors...
Design/Logic Flaw
TYPO3 Neos 1.1.x before 1.1.3 and 1.2.x before 1.2.3 allows remote editors to access, create, and modify content nodes in the workspace of other editors via unspecified vectors...
CVE-2015-2821
TYPO3 Neos 1.1.x before 1.1.3 and 1.2.x before 1.2.3 allows remote editors to access, create, and modify content nodes in the workspace of other editors via unspecified vectors...
CVE-2015-2821
TYPO3 Neos is affected: versions 1.1.x before 1.1.3 and 1.2.x before 1.2.3 allow remote editors to access, create, and modify content nodes in other editors’ workspaces via unspecified vectors. The connected docs confirm the affected versions and the nature of the access, but do not provide the r...
Privilege Escalation in TYPO3 Neos
More info at https://www.neos.io/blog/neos-sa-2015-001.html...
Privilege Escalation in TYPO3 Neos
More info at https://www.neos.io/blog/neos-sa-2015-001.html...