typo3/cms-core is vulnerable to a same-site request forgery. The attack is possible to trigger because it does not properly enforce HTTP Referer
header that usually protects against cross-site request forgery, allowing an authenticated backend user to launch the attack.
CPE | Name | Operator | Version |
---|---|---|---|
typo3/cms-core | le | 9.5.16 | |
typo3/cms-core | le | 10.4.1 | |
typo3/cms-core | le | 9.5.16 | |
typo3/cms-core | le | 10.4.1 |