CVE-2024-55892

MEDIUM Year: 2024
CVSS v3 Score
4.8
Medium
Weakness Type
CWE-601
View all →

Vulnerability Description

TYPO3 is a free and open source Content Management Framework. Applications that use `TYPO3\CMS\Core\Http\Uri` to parse externally provided URLs (e.g., via a query parameter) and validate the host of the parsed URL may be vulnerable to open redirect or SSRF attacks if the URL is used after passing the validation checks. Users are advised to update to TYPO3 versions 9.5.49 ELTS, 10.4.48 ELTS, 11.5.42 LTS, 12.4.25 LTS, 13.4.3 which fix the problem described. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2017-16569

MEDIUM
CVSS:4.8(Medium)

An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting.

CWE-6012017

CVE-2018-8813

MEDIUM
CVSS:4.8(Medium)

Open redirect vulnerability in the login[redirect] parameter login functionality in WolfCMS 0.8.3.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a ...

CWE-6012018

CVE-2021-34763

MEDIUM
CVSS:4.8(Medium)

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open red...

CWE-6012021

CVE-2022-46407

MEDIUM
CVSS:4.8(Medium)

Ericsson Network Manager (ENM), versions prior to 22.2, contains a vulnerability in the REST endpoint “editprofile” where Open Redirect HTTP Header Injection can lead to redirection of the submitted r...

CWE-6012022

CVE-2023-34224

MEDIUM
CVSS:4.8(Medium)

In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possible

CWE-6012023

CVE-2023-3568

MEDIUM
CVSS:4.8(Medium)

Open Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

CWE-6012023