2 matches found
CVE-2022-24980
CVE-2022-24980 affects the Kitodo.Presentation (dlf) extension for TYPO3 in versions before 2.3.2, 3.x before 3.2.3, and 3.3.x before 3.3.4, where a missing access check in an eID script allows an unauthenticated user to submit arbitrary URLs. This enables server-side request forgery (SSRF), letting an attacker v...
CVE-2020-16095
The CVE refers to the dlf (Kitodo.Presentation) TYPO3 extension, vulnerable to cross-site scripting (XSS) in versions before 3.1.2. The root cause involves insufficient sanitization/encoding of input affecting HTML output (notably in ListView and Navigation components). Impact is XSS in web pages...