Cross-site Scripting in the yoast_seo TYPO3 extension

The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability...

CVE-2021-36788

The CVE-2021-36788 entry concerns the Yoast SEO extension for TYPO3, vulnerable before version 7.2.3 due to improper encoding of user input in HTML output, enabling Cross-Site Scripting. Exploitation details vary by report, but a back-end TYPO3 account is typically required to trigger the issue. ...

Server-Side Request Forgery in yoast_seo

The yoastseo aka Yoast SEO extension before 7.2.1 for TYPO3 allows SSRF via a backend user account...

GHSA-M2Q4-QGHH-P9CQ Server-Side Request Forgery in yoast_seo

The yoastseo aka Yoast SEO extension before 7.2.1 for TYPO3 allows SSRF via a backend user account...

Server side request forgery (ssrf)

The yoastseo aka Yoast SEO extension before 7.2.1 for TYPO3 allows SSRF via a backend user account...

CVE-2021-31779

The CVE-2021-31779 issue affects the Yoast SEO extension for TYPO3, specifically versions prior to 7.2.1. A backend TYPO3 user could trigger server-side requests to arbitrary URLs due to insufficient restriction of analyzed URLs to domains managed by the site, enabling SSRF. The vulnerability is ...