CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-47127 – Weak Authentication in Session Handling in typo3/cms-core
https://notcve.org/view.php?id=CVE-2023-47127
14 Nov 2023 — TYPO3 is an open source PHP based web content management system released under the GNU GPL. In typo3 installations there are always at least two different sites. Eg. first.example.org and second.example.com. In affected versions a session cookie generated for the first site can be reused on the second site without requiring additional authentication. This vulnerability has been addressed in versions 8.7.55, 9.5.44, 10.4.41, 11.5.33, and 12.4.8. • https://github.com/TYPO3/typo3/commit/535dfbdc54fd5362e0bc08d911db44eac7f64019 • CWE-287: Improper Authentication CWE-302: Authentication Bypass by Assumed-Immutable Data •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 3CVE-2023-38499 – typo3/cms-core Information Disclosure due to Out-of-scope Site Resolution
https://notcve.org/view.php?id=CVE-2023-38499
25 Jul 2023 — TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters `id` and `L` allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site by adding handcrafted query parameters to the URL of a site that was publicly available. TYPO3 versions 9.5.42 ELTS, 10.4.39 ELT... • https://github.com/miguelc49/CVE-2023-38499-1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 2CVE-2023-24814 – Persisted Cross-Site Scripting in Frontend Rendering in typo3
https://notcve.org/view.php?id=CVE-2023-24814
07 Feb 2023 — TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component `GeneralUtility::getIndpEnv()` uses the unfiltered server environment variable `PATH_INFO`, which allows attackers to inject malicious content. In combination with the TypoScript setting `config.absRefPrefix=auto`, attackers can inject malicious HTML code to pages that have not been rendered and cached, yet. As a result, injected values would be cached and... • https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Setup/Config/Index.html#absrefprefix • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-23504 – TYPO3 contains Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
https://notcve.org/view.php?id=CVE-2022-23504
14 Dec 2022 — TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors. A valid backend user account having administrator privileges is needed to exploit this vulner... • https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2022-23503 – TYPO3 vulnerable to Arbitrary Code Execution via Form Framework
https://notcve.org/view.php?id=CVE-2022-23503
14 Dec 2022 — TYPO3 is an open source PHP based web content management system. Versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are vulnerable to Code Injection. Due to the lack of separating user-submitted data from the internal configuration in the Form Designer backend module, it is possible to inject code instructions to be processed and executed via TypoScript as PHP code. The existence of individual TypoScript instructions for a particular form item and a valid backend user account with access to the ... • https://github.com/TYPO3/typo3/security/advisories/GHSA-c5wx-6c2c-f7rm • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-23502 – TYPO3 contains Insufficient Session Expiration after Password Reset
https://notcve.org/view.php?id=CVE-2022-23502
14 Dec 2022 — TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both frontend user sessions and backend user sessions. This issue is patched in versions 10.4.33, 11.5.20, 12.1.1. TYPO3 es un sistema de gestión de contenidos web basado en PHP de código abierto. • https://github.com/TYPO3/typo3/security/advisories/GHSA-mgj2-q8wp-29rr • CWE-613: Insufficient Session Expiration •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-23501 – TYPO3 vulnerable to Improper Authentication in Frontend Login
https://notcve.org/view.php?id=CVE-2022-23501
14 Dec 2022 — TYPO3 is an open source PHP based web content management system. In versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 is vulnerable to Improper Authentication. Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A potential attacker might use this ambiguity in usernames to get access to a different account - however, credentials must be known to the adversary. This issue is patched in versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.3... • https://github.com/TYPO3/typo3/security/advisories/GHSA-jfp7-79g7-89rf • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-23500 – TYPO3 subject to Uncontrolled Recursion resulting in Denial of Service
https://notcve.org/view.php?id=CVE-2022-23500
14 Dec 2022 — TYPO3 is an open source PHP based web content management system. In versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1, requesting invalid or non-existing resources via HTTP triggers the page error handler, which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This vulnerability is very similar, but ... • https://github.com/TYPO3/typo3/security/advisories/GHSA-8c28-5mp7-v24h • CWE-674: Uncontrolled Recursion •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2022-36105 – User Enumeration via Response Timing in TYPO3
https://notcve.org/view.php?id=CVE-2022-36105
13 Sep 2022 — TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd party TYPO3 extensions providing a custom authentication service should check if the extension is affected by the described problem. Affected extensions must implement new `MimicServiceInterface::mimicAuthUser`, which... • https://github.com/TYPO3/typo3/commit/f8b83ce15d4ea275a5a5e564e5d324242f7937b6 • CWE-203: Observable Discrepancy •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-36106 – Missing check for expiration time of password reset token in TYPO3
https://notcve.org/view.php?id=CVE-2022-36106
13 Sep 2022 — TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password reset link could be used to perform a password reset even if the default expiry time of two hours has been exceeded. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue. • https://github.com/TYPO3/typo3/commit/56af2bd3a432156c30af9be71c9d6f7ef3a6159a • CWE-287: Improper Authentication •