Multiple vulnerabilities in TYPO3
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 10 |
| CVE-ID | N/A |
| CWE-ID | CWE-79 CWE-94 CWE-20 CWE-264 CWE-200 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
TYPO3 Web applications / CMS |
| Vendor | TYPO3 |
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
1) Cross-site scripting
EUVDB-ID: #VU17109
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists in the third party component websvg due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationThe vulnerability has been addressed in the version 6.2.39 ELTS.
Vulnerable software versionsTYPO3: 6.2.0 - 7.1.0
External linkshttp://typo3.org/security/advisory/typo3-psa-2019-003/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Code Injection
EUVDB-ID: #VU17111
Risk: Medium
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in TYPO3 core API CommandUtility::checkCommand() method, available for usage for the third-party TYPO3 extensions. A remote attacker can send a specially crafted request to the affected extension and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system, however requires that a specific extension is used.
Install updates from vendor's website.
Vulnerable software versionsTYPO3: 8.7.0 - 9.5.3
External linkshttp://typo3.org/security/advisory/typo3-psa-2019-001/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Remote code execution
EUVDB-ID: #VU17244
Risk: High
CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists missing file extensions in $GLOBALS['TYPO3_CONF_VARS']['BE'][‘fileDenyPattern’]. A remote attacker can upload *.phar, *.shtml, *.pl or *.cgi files which can be executed in certain web server setups.
Successful exploitation of the vulnerability may result in system compromise.
MitigationThe vulnerability has been addressed in the versions 8.7.23 and 9.5.4.
Vulnerable software versionsTYPO3: 8.0.0 - 9.5.3
External linkshttp://typo3.org/security/advisory/typo3-core-sa-2019-008/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Cross-site scripting
EUVDB-ID: #VU17243
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists in Form Framework due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationThe vulnerability has been addressed in the versions 8.7.23 and 9.5.4.
Vulnerable software versionsTYPO3: 8.0.0 - 9.5.3
External linkshttp://typo3.org/security/advisory/typo3-core-sa-2019-007/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Cross-site scripting
EUVDB-ID: #VU17242
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists in Bootstrap CSS toolkit due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
The vulnerability has been addressed in the versions 8.7.23 and 9.5.4.
Vulnerable software versionsTYPO3: 8.0.0 - 9.5.3
External linkshttp://typo3.org/security/advisory/typo3-core-sa-2019-006/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Cross-site scripting
EUVDB-ID: #VU17241
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists in Fluid ViewHelpers due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationThe vulnerability has been addressed in the versions 8.7.23 and 9.5.4.
Vulnerable software versionsTYPO3: 8.0.0 - 9.5.3
External linkshttp://typo3.org/security/advisory/typo3-core-sa-2019-005/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Cross-site scripting
EUVDB-ID: #VU17240
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists in Language Pack Handling due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationThe vulnerability has been addressed in the version 9.5.4.
Vulnerable software versionsTYPO3: 9.2.0 - 9.5.3
External linkshttp://typo3.org/security/advisory/typo3-core-sa-2019-004/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Security restrictions bypass
EUVDB-ID: #VU17239
Risk: Low
CVSSv3.1: 4 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.
The weakness exists due to improper privileges and access control. A remote attacker can modify and create pages in the default language which actually should be disallowed.
The vulnerability has been addressed in the version 8.7.23.
Vulnerable software versionsTYPO3: 8.0.0 - 8.7.22
External linkshttp://typo3.org/security/advisory/typo3-core-sa-2019-003/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Security restrictions bypass
EUVDB-ID: #VU17238
Risk: Medium
CVSSv3.1: 7.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to database records containing insecure or empty credentials might be persisted when using the TYPO3 backend in order to create new backend user accounts. A remote attacker can retrieve additional information about installed system and third party extensions.
Successful exploitation of the vulnerability may result in some of the following:
- account contains empty login credentials (username and/or password)
- account is incomplete and contains weak credentials (username and/or password).
The vulnerability has been addressed in the versions 8.7.23 and 9.5.4.
Vulnerable software versionsTYPO3: 8.0.0 - 9.5.3
External linkshttp://typo3.org/security/advisory/typo3-core-sa-2019-002/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Information disclosure
EUVDB-ID: #VU17237
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to an error in mechanisms used for configuration of RequireJS package loading. A remote attacker can retrieve additional information about installed system and third party extensions.
The vulnerability has been addressed in the versions 8.7.23 and 9.5.4.
Vulnerable software versionsTYPO3: 8.0.0 - 9.5.3
External linkshttp://typo3.org/security/advisory/typo3-core-sa-2019-001/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
