Typo3 : Security Vulnerabilities, CVEs, Published In January 2015
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consumption) via a "Cache Poisoning" attack using a URL with arbitrary arguments, which triggers a reload of the page.
Max CVSS
7.5
EPSS Score
0.42%
Published
2015-01-04
Updated
2015-01-06
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors.
Max CVSS
4.3
EPSS Score
0.19%
Published
2015-01-04
Updated
2016-11-28
2 vulnerabilities found