Typo3 · Typo3/Cms · CVE-2026-47347
**Name of the Vulnerable Software and Affected Versions**
TYPO3 CMS versions prior to 10.4.57
TYPO3 CMS versions 11.0.0 through 11.5.50
TYPO3 CMS versions 12.0.0 through 12.4.45
TYPO3 CMS versions 13.0.0 through 13.4.30
TYPO3 CMS versions 14.0.0 through 14.3.2
**Description**
Applications that use the `sanitizeLocalUrl()` function of the `GeneralUtility` class to restrict URLs to local addresses are susceptible to open redirect attacks. A URL that passes the sanitization checks and is then used by the application can redirect users to external malicious content, which attackers can leverage for phishing.
**Recommendations**
Update to version 10.4.57 or later.
Update to version 11.5.51 or later.
Update to version 12.4.46 or later.
Update to version 13.4.31 or later.
Update to version 14.3.3 or later.
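To check an installation against the ranges above, the following added example (not part of the advisory or of TYPO3 itself) reads a `composer.lock` and classifies the locked core version. It assumes the Composer package containing `GeneralUtility` is `typo3/cms-core`; the sample lock data is constructed.

```python
import json
import re

# First fixed release per branch, from the advisory's Recommendations section.
FIXED = {10: (10, 4, 57), 11: (11, 5, 51), 12: (12, 4, 46),
         13: (13, 4, 31), 14: (14, 3, 3)}

def classify(version_text):
    """Return (status, fixed_version) for a Composer version string."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", version_text.strip())
    if not m:
        return ("unknown", None)          # e.g. "dev-main", "12.4.x-dev"
    version = tuple(int(part) for part in m.groups())
    # "Prior to 10.4.57" also covers every branch older than 10.
    fixed = FIXED.get(max(version[0], 10))
    if fixed is None:
        return ("unknown", None)          # branch not listed in the advisory
    fixed_text = ".".join(map(str, fixed))
    return ("affected" if version < fixed else "fixed", fixed_text)

def scan_lock(lock_text, package="typo3/cms-core"):
    """Classify the locked version of `package` in a composer.lock document.

    The package name is an assumption of this example, not stated on the page.
    """
    lock = json.loads(lock_text)
    for section in ("packages", "packages-dev"):
        for entry in lock.get(section, []):
            if entry.get("name") == package:
                return (entry["version"],) + classify(entry["version"])
    return None                           # package not installed

# Constructed sample, trimmed to the fields the scan reads.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "psr/log", "version": "3.0.0"},
        {"name": "typo3/cms-core", "version": "v12.4.45"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    print(scan_lock(SAMPLE_LOCK))
    for v in ("9.5.31", "10.4.57", "11.5.50", "13.4.31", "14.3.2", "15.0.0"):
        print(v, classify(v))
```

A result of `unknown` means the version string is a development alias or belongs to a branch the advisory does not list, so it needs a manual check.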