#git

The TYPO3 backend module stores the username of an authenticated backend user in its cache files. By guessing the file path to the cache files it is possible to receive valid backend usernames.

Failing to properly escape user input, the frontend login component is vulnerable to SQL Injection. A valid frontend user account is needed to exploit this vulnerability.

Extbase request handling fails to implement a proper access check for requested controller/ action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by crafting a special request. To successfully exploit this vulnerability, an attacker must have access to at least one Extbase plugin or module action in a TYPO3 installation. The missing access check inevitably leads to information disclosure or remote code execution, depending on the action that an attacker is able to execute.

Failing to properly validate incoming import data, the Import/Export component is susceptible to insecure unserialize. To exploit this vulnerability a valid backend user account is needed.

Failing to properly encode user input, some backend components are vulnerable to Cross-Site Scripting. A valid backend user account is needed to exploit this vulnerability.

The workspace/ version preview link created by a privileged (backend) user could be abused to obtain certain editing permission, if the admin panel is configured to be shown. A valid preview link is required to exploit this vulnerability.

Failing to properly encode user input, some backend components are vulnerable to Cross-Site Scripting. A valid backend user account is needed to exploit this vulnerability.

The default authentication service misses to invalidate empty strings as password. Therefore it is possible to authenticate backend and frontend users without password set in the database. Note: TYPO3 does not allow to create user accounts without a password. Your TYPO3 installation might only be affected if there is a third party component creating user accounts without password by directly manipulating the database.

### Summary gradio-pdf projects with dependencies on the pdf.js library are vulnerable to CVE-2024-4367, which allows arbitrary JavaScript execution. ### PoC 1. Generate a pdf file with a malicious script in the fontmatrix. (This will run `alert(‘XSS’)`.) [poc.pdf](https://github.com/user-attachments/files/15516798/poc.pdf) 2. Run the app. In this PoC, I've used the demo for a simple proof.  3. Upload a PDF file containing the script.  4. Check that the script is running.  ### Impact Malicious scripts can be injected into the code, and when linked with vulnerabilities such as CSRF, it can cause even greater damage. In particular, It can become a source of further attacks, e...

### Impact Digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment didn't succeed. ### Patches New versions for the Aimeos HTML client 2020-2024 are available