Christian Bülter

**Name of the Vulnerable Software and Affected Versions** Faceted Search (ke search) (affected versions not specified) **Description** The OOXML parsing of the file indexer fails to disable external entity resolution. This allows an attacker to use a specially crafted xlsx or pptx document placed in an indexed directory to trigger XML External Entity (XXE) injection—a process where an application processes external entities within an XML document. This can result in the reading of local files or the execution of outbound HTTP requests, with the retrieved data being written to the search index. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TYPO3 (affected versions not specified) **Description** The `additional tables` configuration of the page and tt content indexers allows the use of arbitrary table and field names. A backend user with permissions to edit indexer configurations can exploit this to copy sensitive data from internal tables into the search index. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Faceted Search (ke search) (affected versions not specified) **Description** The file indexer fails to normalize the configured directory path. This allows a backend user with permissions to edit indexer configurations to index documents from arbitrary locations on the server file system by using path traversal sequences, which are characters used to navigate through the directory hierarchy to access files outside the intended folder. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TYPO3 Statistics (ke stats) extension versions prior to 1.1.2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This has been exploited in the wild. **Recommendations** For versions prior to 1.1.2, update to version 1.1.2 or later to resolve the issue.