CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47126 – Information Disclosure in Install Tool in typo3/cms-install
https://notcve.org/view.php?id=CVE-2023-47126
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory (e.g. /var/www/html/var/transient/). This applies to composer-based scenarios only - “classic” non-composer installations are not affected. This issue has been addressed in version 12.4.8. • https://github.com/TYPO3/typo3/commit/1a735dac01ec7b337ed0d80c738caa8967dea423 https://github.com/TYPO3/typo3/security/advisories/GHSA-p2jh-95jg-2w55 https://typo3.org/security/advisory/typo3-core-sa-2023-005 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0CVE-2023-47127 – Weak Authentication in Session Handling in typo3/cms-core
https://notcve.org/view.php?id=CVE-2023-47127
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In typo3 installations there are always at least two different sites. Eg. first.example.org and second.example.com. In affected versions a session cookie generated for the first site can be reused on the second site without requiring additional authentication. This vulnerability has been addressed in versions 8.7.55, 9.5.44, 10.4.41, 11.5.33, and 12.4.8. • https://github.com/TYPO3/typo3/commit/535dfbdc54fd5362e0bc08d911db44eac7f64019 https://github.com/TYPO3/typo3/security/advisories/GHSA-3vmm-7h4j-69rm https://typo3.org/security/advisory/typo3-core-sa-2023-006 • CWE-287: Improper Authentication CWE-302: Authentication Bypass by Assumed-Immutable Data •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 3CVE-2023-38499 – typo3/cms-core Information Disclosure due to Out-of-scope Site Resolution
https://notcve.org/view.php?id=CVE-2023-38499
TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters `id` and `L` allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site by adding handcrafted query parameters to the URL of a site that was publicly available. TYPO3 versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, 12.4.4 fix the problem. TYPO3 es un sistema de gestión de contenidos web de código abierto basado en PHP. • https://github.com/miguelc49/CVE-2023-38499-1 https://github.com/miguelc49/CVE-2023-38499-2 https://github.com/miguelc49/CVE-2023-38499-3 https://github.com/TYPO3/typo3/commit/702e2debd4b28f9cdb540544565fe6a8627ccb6a https://github.com/TYPO3/typo3/security/advisories/GHSA-jq6g-4v5m-wm9r https://typo3.org/security/advisory/typo3-core-sa-2023-003 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 2CVE-2023-24814 – Persisted Cross-Site Scripting in Frontend Rendering in typo3
https://notcve.org/view.php?id=CVE-2023-24814
TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component `GeneralUtility::getIndpEnv()` uses the unfiltered server environment variable `PATH_INFO`, which allows attackers to inject malicious content. In combination with the TypoScript setting `config.absRefPrefix=auto`, attackers can inject malicious HTML code to pages that have not been rendered and cached, yet. As a result, injected values would be cached and delivered to other website visitors (persisted cross-site scripting). Individual code which relies on the resolved value of `GeneralUtility::getIndpEnv('SCRIPT_NAME')` and corresponding usages (as shown below) are vulnerable as well. • https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Setup/Config/Index.html#absrefprefix https://github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/core/Classes/Utility/GeneralUtility.php#L2481-L2484 https://github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php#L2547-L2549 https://github.com/TYPO3/typo3/commit/0005a6fd86ab97eff8bf2e3a5828bf0e7cb6263a https://github.com/TYPO3/typo3/security/advisories/GHSA-r4f8-f93x-5qh3 https://typo3.org/s • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.7EPSS: 0%CPEs: 4EXPL: 0CVE-2022-23504 – TYPO3 contains Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
https://notcve.org/view.php?id=CVE-2022-23504
TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors. A valid backend user account having administrator privileges is needed to exploit this vulnerability. This issue has been patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1. • https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •