CVE-2024-25120 – Improper Access Control of Resources Referenced by t3:// URI Scheme in TYPO3
https://notcve.org/view.php?id=CVE-2024-25120
TYPO3 is an open source PHP based web content management system released under the GNU GPL. The TYPO3-specific `t3://` URI scheme could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records (although only if a valid link-handling configuration was provided). Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. • https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Functions/Typolink.html#resource-references https://github.com/TYPO3/typo3/security/advisories/GHSA-wf85-8hx9-gj7c https://typo3.org/security/advisory/typo3-core-sa-2024-005 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVE-2024-25121 – Improper Access Control Persisting File Abstraction Layer Entities via Data Handler in TYPO3
https://notcve.org/view.php?id=CVE-2024-25121
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions of TYPO3 entities of the File Abstraction Layer (FAL) could be persisted directly via `DataHandler`. This allowed attackers to reference files in the fallback storage directly and retrieve their file names and contents. The fallback storage ("zero-storage") is used as a backward compatibility layer for files located outside properly configured file storages and within the public web root directory. Exploiting this vulnerability requires a valid backend user account. • https://github.com/TYPO3/typo3/security/advisories/GHSA-rj3x-wvc6-5j66 https://typo3.org/security/advisory/typo3-core-sa-2024-006 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVE-2023-47125 – By-passing Cross-Site Scripting Protection in HTML Sanitizer
https://notcve.org/view.php?id=CVE-2023-47125
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versions 1.5.3 and 2.1.4. Users are advised to upgrade. • https://github.com/TYPO3/html-sanitizer/commit/b8f90717251d968c49dc77f8c1e5912e2fbe0dff https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-mm79-jhqm-9j54 https://typo3.org/security/advisory/typo3-core-sa-2023-007 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-47127 – Weak Authentication in Session Handling in typo3/cms-core
https://notcve.org/view.php?id=CVE-2023-47127
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In typo3 installations there are always at least two different sites. Eg. first.example.org and second.example.com. In affected versions a session cookie generated for the first site can be reused on the second site without requiring additional authentication. This vulnerability has been addressed in versions 8.7.55, 9.5.44, 10.4.41, 11.5.33, and 12.4.8. • https://github.com/TYPO3/typo3/commit/535dfbdc54fd5362e0bc08d911db44eac7f64019 https://github.com/TYPO3/typo3/security/advisories/GHSA-3vmm-7h4j-69rm https://typo3.org/security/advisory/typo3-core-sa-2023-006 • CWE-287: Improper Authentication CWE-302: Authentication Bypass by Assumed-Immutable Data •
CVE-2023-24814 – Persisted Cross-Site Scripting in Frontend Rendering in typo3
https://notcve.org/view.php?id=CVE-2023-24814
TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component `GeneralUtility::getIndpEnv()` uses the unfiltered server environment variable `PATH_INFO`, which allows attackers to inject malicious content. In combination with the TypoScript setting `config.absRefPrefix=auto`, attackers can inject malicious HTML code to pages that have not been rendered and cached, yet. As a result, injected values would be cached and delivered to other website visitors (persisted cross-site scripting). Individual code which relies on the resolved value of `GeneralUtility::getIndpEnv('SCRIPT_NAME')` and corresponding usages (as shown below) are vulnerable as well. • https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Setup/Config/Index.html#absrefprefix https://github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/core/Classes/Utility/GeneralUtility.php#L2481-L2484 https://github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php#L2547-L2549 https://github.com/TYPO3/typo3/commit/0005a6fd86ab97eff8bf2e3a5828bf0e7cb6263a https://github.com/TYPO3/typo3/security/advisories/GHSA-r4f8-f93x-5qh3 https://typo3.org/s • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •