Main Vulnerability Database Vulnerabilities #VU129651

Open redirect in TYPO3 - CVE-2021-21338

Published: March 16, 2021 / Updated: May 5, 2026

Vulnerability identifier: #VU129651

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2021-21338

CWE-ID: CWE-601

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
TYPO3

Software vendor:
TYPO3

Description

The vulnerability allows a remote attacker to redirect users to arbitrary content.

The vulnerability exists due to url redirection to untrusted site in login handling when processing login requests with a user-controlled redirect target. A remote attacker can supply a crafted redirect target to redirect users to arbitrary content.

User interaction is required for successful exploitation, which can facilitate phishing attacks.

Remediation

Install security update from vendor's website.

External links

https://github.com/TYPO3/typo3/security/advisories/GHSA-4jhw-2p6j-5wmp
https://typo3.org/security/advisory/typo3-core-sa-2021-001

Open redirect in TYPO3 - CVE-2021-21338

Description

Remediation

External links

Please verify you're human