GHSA-hww5-6x85-mc24: Typo3 Arbitrary Code Execution and Cross-Site Scripting in Backend API

Backend API configuration using Page TSconfig is vulnerable to arbitrary code execution and cross-site scripting. TSconfig fields of page properties in backend forms can be used to inject malicious sequences. The field tsconfig_includes is vulnerable to directory traversal, leading to the same scenarios as having direct access to TSconfig settings.

Exploiting this vulnerability requires a valid backend user account with access to modify values for the fields pages.TSconfig and pages.tsconfig_includes.

Moderate severity • GitHub Reviewed • Published Jun 5, 2024 to the GitHub Advisory Database • Updated Jun 5, 2024

Package

Affected versions

>= 8.0.0, < 8.7.27

>= 9.0.0, < 9.5.8

Patched versions

8.7.27

9.5.8
