Open redirect in TYPO3 - CVE-2021-21338

 

Open redirect in TYPO3 - CVE-2021-21338

Published: March 16, 2021 / Updated: May 5, 2026


Vulnerability identifier: #VU129651
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-21338
CWE-ID: CWE-601
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: TYPO3
Affected software:
TYPO3

Detailed vulnerability description

The vulnerability allows a remote attacker to redirect users to arbitrary content.

The vulnerability exists due to url redirection to untrusted site in login handling when processing login requests with a user-controlled redirect target. A remote attacker can supply a crafted redirect target to redirect users to arbitrary content.

User interaction is required for successful exploitation, which can facilitate phishing attacks.


How to mitigate CVE-2021-21338

Install security update from vendor's website.

Sources