GHSA-hww5-6x85-mc24: Typo3 Arbitrary Code Execution and Cross-Site Scripting in Backend API
Backend API configuration using Page TSconfig is vulnerable to arbitrary code execution and cross-site scripting. TSconfig fields of page properties in backend forms can be used to inject malicious sequences. The field tsconfig_includes is vulnerable to directory traversal, leading to the same scenarios as having direct access to TSconfig settings.
A valid backend user account with access to modify the values of the fields pages.TSconfig and pages.tsconfig_includes is needed in order to exploit this vulnerability.
Moderate severity GitHub Reviewed Published Jun 5, 2024 to the GitHub Advisory Database • Updated Jun 5, 2024
Package
Affected versions
>= 8.0.0, < 8.7.27
>= 9.0.0, < 9.5.8
Patched versions
8.7.27
9.5.8
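For an administrator checking whether an installation falls inside the affected ranges above, the following is an added example (not code from the advisory or from the TYPO3 project). It encodes the two affected ranges and the corresponding patched releases as listed on this page and assumes version strings of the form major.minor.patch, optionally prefixed with "v"; the version string to check is a constructed sample.

```python
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges taken from the advisory: lower bound inclusive, upper bound
# exclusive, paired with the patched release that closes each range.
AFFECTED_RANGES = (
    ((8, 0, 0), (8, 7, 27), "8.7.27"),  # >= 8.0.0, < 8.7.27
    ((9, 0, 0), (9, 5, 8), "9.5.8"),    # >= 9.0.0, < 9.5.8
)


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch' (an optional leading 'v' is tolerated)."""
    cleaned = text.strip().lstrip("vV")
    parts = cleaned.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def patched_version_for(text: str) -> Optional[str]:
    """Return the patched release if `text` is affected, otherwise None."""
    version = parse_version(text)
    for lower, upper, fixed in AFFECTED_RANGES:
        if lower <= version < upper:
            return fixed
    return None


def is_affected(text: str) -> bool:
    """True when the given version lies inside an affected range."""
    return patched_version_for(text) is not None


if __name__ == "__main__":
    # Constructed sample: the version string an operator might read from
    # an installation they are auditing.
    installed = "9.5.7"
    fixed = patched_version_for(installed)
    if fixed is None:
        print(f"{installed}: not in an affected range")
    else:
        print(f"{installed}: affected, upgrade to {fixed}")
```

Versions outside both ranges (for example 7.x or 10.x) are reported as not affected by this advisory only; the check says nothing about other advisories that may apply to those branches.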