CVE-2023-24814 – Persisted Cross-Site Scripting in Frontend Rendering in typo3
https://notcve.org/view.php?id=CVE-2023-24814
TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component `GeneralUtility::getIndpEnv()` uses the unfiltered server environment variable `PATH_INFO`, which allows attackers to inject malicious content. In combination with the TypoScript setting `config.absRefPrefix=auto`, attackers can inject malicious HTML code to pages that have not been rendered and cached, yet. As a result, injected values would be cached and delivered to other website visitors (persisted cross-site scripting). Individual code which relies on the resolved value of `GeneralUtility::getIndpEnv('SCRIPT_NAME')` and corresponding usages (as shown below) are vulnerable as well. • https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Setup/Config/Index.html#absrefprefix https://github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/core/Classes/Utility/GeneralUtility.php#L2481-L2484 https://github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php#L2547-L2549 https://github.com/TYPO3/typo3/commit/0005a6fd86ab97eff8bf2e3a5828bf0e7cb6263a https://github.com/TYPO3/typo3/security/advisories/GHSA-r4f8-f93x-5qh3 https://typo3.org/s • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-23504 – TYPO3 contains Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
https://notcve.org/view.php?id=CVE-2022-23504
TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors. A valid backend user account having administrator privileges is needed to exploit this vulnerability. This issue has been patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1. • https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVE-2022-23503 – TYPO3 vulnerable to Arbitrary Code Execution via Form Framework
https://notcve.org/view.php?id=CVE-2022-23503
TYPO3 is an open source PHP based web content management system. Versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are vulnerable to Code Injection. Due to the lack of separating user-submitted data from the internal configuration in the Form Designer backend module, it is possible to inject code instructions to be processed and executed via TypoScript as PHP code. The existence of individual TypoScript instructions for a particular form item and a valid backend user account with access to the form module are needed to exploit this vulnerability. This issue is patched in versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1. • https://github.com/TYPO3/typo3/security/advisories/GHSA-c5wx-6c2c-f7rm • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2022-23502 – TYPO3 contains Insufficient Session Expiration after Password Reset
https://notcve.org/view.php?id=CVE-2022-23502
TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both frontend user sessions and backend user sessions. This issue is patched in versions 10.4.33, 11.5.20, 12.1.1. TYPO3 es un sistema de gestión de contenidos web basado en PHP de código abierto. • https://github.com/TYPO3/typo3/security/advisories/GHSA-mgj2-q8wp-29rr • CWE-613: Insufficient Session Expiration •
CVE-2022-23501 – TYPO3 vulnerable to Improper Authentication in Frontend Login
https://notcve.org/view.php?id=CVE-2022-23501
TYPO3 is an open source PHP based web content management system. In versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 is vulnerable to Improper Authentication. Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A potential attacker might use this ambiguity in usernames to get access to a different account - however, credentials must be known to the adversary. This issue is patched in versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1. • https://github.com/TYPO3/typo3/security/advisories/GHSA-jfp7-79g7-89rf • CWE-287: Improper Authentication •