CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-11067 – Deserialization of Untrusted Data in TYPO3 CMS
https://notcve.org/view.php?id=CVE-2020-11067
In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings (in $BE_USER->uc) are vulnerable to insecure deserialization. In combination with vulnerabilities of third party components, this can lead to remote code execution. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2. En TYPO3 CMS versiones 9.0.0 hasta 9.5.16 y versiones 10.0.0 hasta 10.4.1, ha sido detectado que la configuración del usuario del backend (en $BE_USER-)uc) es vulnerables a una deserialización no segura. • https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2wj9-434x-9hvp • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2020-11066 – Improperly Controlled Modification of Dynamically-Determined Object Attributes in TYPO3 CMS
https://notcve.org/view.php?id=CVE-2020-11066
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize() on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary directory in the file system, if it is writable for the web server. It can also trigger message submission via email using the identity of the web site (mail relay). Another insecure deserialization vulnerability is required to actually exploit mentioned aspects. This has been fixed in 9.5.17 and 10.4.2. En TYPO3 CMS versiones mayores o iguales a 9.0.0 y menores a 9.5.17 y versiones mayores o iguales a 10.0.0 y versiones menores a 10.4.2, al llamar la función unserialize() sobre un contenido malicioso enviado por el usuario puede conllevar a una modificación de determinados atributos de objeto y resultar en la eliminación de un directorio arbitrario en el sistema de archivos, si es escribible para el servidor web. • https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2rxh-h6h9-qrqc • CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-11065 – Cross-Site Scripting in TYPO3 CMS
https://notcve.org/view.php?id=CVE-2020-11065
In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and greater than or equal to 10.2.0 and less than 10.4.2, it has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting; properties being assigned as HTML attributes have not been parsed correctly. This has been fixed in 9.5.17 and 10.4.2. En TYPO3 CMS versiones mayores o iguales a 9.5.12 y menores a 9.5.17, y versiones mayores o iguales a 10.2.0 y versiones menores a 10.4.2, ha sido detectado que las etiquetas de enlace generadas por la funcionalidad typolink son vulnerables a un ataque de tipo cross-site scripting; las propiedades que han sido asignadas como atributos HTML no han sido analizadas correctamente. Esto ha sido corregido en las versiones 9.5.17 y 10.4.2. • https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4j77-gg36-9864 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-11064 – Cross-Site Scripting in TYPO3 CMS
https://notcve.org/view.php?id=CVE-2020-11064
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, it has been discovered that HTML placeholder attributes containing data of other database records are vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2. En TYPO3 CMS versiones mayores o iguales a 9.5.12 y menores a 9.5.17, y versiones mayores o iguales a 10.2.0 y versiones menores a 10.4.2, ha sido detectado que los atributos placeholder de HTML que contienen datos de otros registros de bases de datos son vulnerables a un ataque de tipo cross-site scripting. Es requerida una cuenta de usuario del back-end válida para explotar esta vulnerabilidad. • https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-43gj-mj2w-wh46 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-19849
https://notcve.org/view.php?id=CVE-2019-19849
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension ext:lowlevel (Backend Module: DB Check) installed, with a valid backend user who has administrator privileges. The other exploitable scenario requires having the system extension ext:sys_action installed, with a valid backend user who has limited privileges. Se descubrió un problema en TYPO3 versiones anteriores a la versión 8.7.30, versiones 9.x anteriores a la versión 9.5.12 y versiones 10.x anteriores a la versión 10.2.2. • https://review.typo3.org/q/%2522Resolves:+%252389005%2522+topic:security https://typo3.org/security/advisory/typo3-core-sa-2019-026 • CWE-502: Deserialization of Untrusted Data •