Description
Applications that use GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to open redirect attacks if the URL is used after it has passed the aforementioned sanitization checks. This enables attackers to redirect users to external content and carry out phishing attacks. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.50, 12.0.0-12.4.45, 13.0.0-13.4.30 and 14.0.0-14.3.2.
Details
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
Affected Packages
| Software | From version | Fixed in |
|---|---|---|
| typo3/cms-core | 14.0.0 | 14.3.3 |
| unknown | — | — |
Similar Threats
- High CVE-2019-11832
- High CVE-2019-12747
- Unknown CVE-2019-12748
- Unknown CVE-2019-19848
- High CVE-2019-19849
Free Vulnerability Check
Is your WordPress site affected?
BotEraser helps you identify potentially vulnerable plugins and themes by checking your installation against known CVE records.
Scan My Site Free →No credit card required · Results in minutes
ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.