CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2024-25120 – Improper Access Control of Resources Referenced by t3:// URI Scheme in TYPO3
https://notcve.org/view.php?id=CVE-2024-25120
13 Feb 2024 — TYPO3 is an open source PHP based web content management system released under the GNU GPL. The TYPO3-specific `t3://` URI scheme could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records (although only if a valid link-handling configuration was provided). Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1... • https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Functions/Typolink.html#resource-references • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-25121 – Improper Access Control Persisting File Abstraction Layer Entities via Data Handler in TYPO3
https://notcve.org/view.php?id=CVE-2024-25121
13 Feb 2024 — TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions of TYPO3 entities of the File Abstraction Layer (FAL) could be persisted directly via `DataHandler`. This allowed attackers to reference files in the fallback storage directly and retrieve their file names and contents. The fallback storage ("zero-storage") is used as a backward compatibility layer for files located outside properly configured file storages and within the public web root director... • https://github.com/TYPO3/typo3/security/advisories/GHSA-rj3x-wvc6-5j66 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 1CVE-2023-30451 – TYPO3 11.5.24 Path Traversal
https://notcve.org/view.php?id=CVE-2023-30451
20 Dec 2023 — In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF]. En TYPO3 11.5.24, el componente filelist permite a los atacantes (que tienen acceso al panel de administrador) leer archivos arbitrarios a través del directory traversal en el campo baseuri, como lo demuestra POST /typo... • https://packetstorm.news/files/id/176274 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.4EPSS: 0%CPEs: 7EXPL: 0CVE-2023-47125 – By-passing Cross-Site Scripting Protection in HTML Sanitizer
https://notcve.org/view.php?id=CVE-2023-47125
14 Nov 2023 — TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versions 1.5.3 and 2.1.4. Users are advised to upgrade. • https://github.com/TYPO3/html-sanitizer/commit/b8f90717251d968c49dc77f8c1e5912e2fbe0dff • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47126 – Information Disclosure in Install Tool in typo3/cms-install
https://notcve.org/view.php?id=CVE-2023-47126
14 Nov 2023 — TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory (e.g. /var/www/html/var/transient/). This applies to composer-based scenarios only - “classic” non-composer installations are not affected. This issue has been addressed in version 12.4.8. • https://github.com/TYPO3/typo3/commit/1a735dac01ec7b337ed0d80c738caa8967dea423 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-47127 – Weak Authentication in Session Handling in typo3/cms-core
https://notcve.org/view.php?id=CVE-2023-47127
14 Nov 2023 — TYPO3 is an open source PHP based web content management system released under the GNU GPL. In typo3 installations there are always at least two different sites. Eg. first.example.org and second.example.com. In affected versions a session cookie generated for the first site can be reused on the second site without requiring additional authentication. This vulnerability has been addressed in versions 8.7.55, 9.5.44, 10.4.41, 11.5.33, and 12.4.8. • https://github.com/TYPO3/typo3/commit/535dfbdc54fd5362e0bc08d911db44eac7f64019 • CWE-287: Improper Authentication CWE-302: Authentication Bypass by Assumed-Immutable Data •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 3CVE-2023-38499 – typo3/cms-core Information Disclosure due to Out-of-scope Site Resolution
https://notcve.org/view.php?id=CVE-2023-38499
25 Jul 2023 — TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters `id` and `L` allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site by adding handcrafted query parameters to the URL of a site that was publicly available. TYPO3 versions 9.5.42 ELTS, 10.4.39 ELT... • https://github.com/miguelc49/CVE-2023-38499-1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 2CVE-2023-24814 – Persisted Cross-Site Scripting in Frontend Rendering in typo3
https://notcve.org/view.php?id=CVE-2023-24814
07 Feb 2023 — TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component `GeneralUtility::getIndpEnv()` uses the unfiltered server environment variable `PATH_INFO`, which allows attackers to inject malicious content. In combination with the TypoScript setting `config.absRefPrefix=auto`, attackers can inject malicious HTML code to pages that have not been rendered and cached, yet. As a result, injected values would be cached and... • https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Setup/Config/Index.html#absrefprefix • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-23504 – TYPO3 contains Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
https://notcve.org/view.php?id=CVE-2022-23504
14 Dec 2022 — TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors. A valid backend user account having administrator privileges is needed to exploit this vulner... • https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2022-23503 – TYPO3 vulnerable to Arbitrary Code Execution via Form Framework
https://notcve.org/view.php?id=CVE-2022-23503
14 Dec 2022 — TYPO3 is an open source PHP based web content management system. Versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are vulnerable to Code Injection. Due to the lack of separating user-submitted data from the internal configuration in the Form Designer backend module, it is possible to inject code instructions to be processed and executed via TypoScript as PHP code. The existence of individual TypoScript instructions for a particular form item and a valid backend user account with access to the ... • https://github.com/TYPO3/typo3/security/advisories/GHSA-c5wx-6c2c-f7rm • CWE-94: Improper Control of Generation of Code ('Code Injection') •