TYPO3 · TYPO3 · CVE-2014-9508
**Name of the Vulnerable Software and Affected Versions**
TYPO3 versions 4.5.x through 4.5.38
TYPO3 versions 4.6.x through 6.2.x before 6.2.9
TYPO3 versions 7.x before 7.0.2
**Description**
The frontend rendering component in TYPO3 allows remote attackers to change URLs to arbitrary domains for links that only contain anchors. The issue occurs when `config.prefixLocalAnchors` is set and the homepage contains such anchor-only links; an attacker achieves this by forging a request that modifies these links. The vulnerability also depends on URL rewriting being enabled in the web server, which is typically the case when extensions such as realurl or cooluri are in use. Installations where `config.absRefPrefix` is set are not affected.
**Recommendations**
For TYPO3 versions 4.5.x through 4.5.38, update to version 4.5.39 or later.
For TYPO3 versions 4.6.x through 6.2.x before 6.2.9, update to version 6.2.9 or later.
For TYPO3 versions 7.x before 7.0.2, update to version 7.0.2 or later.
As a temporary workaround, consider disabling the `config.prefixLocalAnchors` option until the update can be applied.
Restrict access to the homepage of the TYPO3 installation to minimize the risk of exploitation, especially when URL rewriting is enabled.
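The conditions above can be checked per installation. The following Python audit helper is an added example, not TYPO3 code or part of the advisory. It assumes any non-empty `config.prefixLocalAnchors` value counts as set, that the TypoScript uses only flat or brace-nested assignments, and that the operator states whether URL rewriting is enabled; the function names and the sample setup are constructed.

```python
import re

def version_affected(version):
    """True if the version falls in a range the advisory lists as affected."""
    v = tuple(int(n) for n in re.findall(r"\d+", version))
    if v[:2] == (4, 5):
        return v <= (4, 5, 38)          # 4.5.x through 4.5.38
    if (4, 6) <= v < (6, 2, 9):         # 4.6.x through 6.2.x before 6.2.9
        return True
    return v[:1] == (7,) and v < (7, 0, 2)  # 7.x before 7.0.2

def typoscript_values(setup):
    """Flatten 'a.b = c' and 'a { b = c }' TypoScript into {path: value}."""
    values, stack = {}, []
    for raw in setup.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "//")):
            continue                     # blank line or comment
        if line == "}":
            if stack:
                stack.pop()
            continue
        if line.endswith("{"):
            stack.append(line[:-1].strip())
            continue
        m = re.match(r"([\w.]+)\s*(=|>)\s*(.*)$", line)
        if not m:
            continue                     # conditions and other syntax are ignored
        path = ".".join(stack + [m.group(1)])
        if m.group(2) == ">":            # '>' unsets a previously assigned value
            values.pop(path, None)
        else:
            values[path] = m.group(3).strip()
    return values

def exposed(version, setup, url_rewriting):
    """Apply the advisory's conditions: affected version, prefixLocalAnchors
    set, absRefPrefix not set, URL rewriting enabled (operator-supplied)."""
    ts = typoscript_values(setup)
    return bool(version_affected(version)
                and ts.get("config.prefixLocalAnchors")  # assumption: non-empty = set
                and not ts.get("config.absRefPrefix")
                and url_rewriting)

# Constructed sample TypoScript setup, not taken from a real site.
SAMPLE = "config {\n  prefixLocalAnchors = all\n}\n"

if __name__ == "__main__":
    for ver in ("4.5.38", "6.2.8", "6.2.9", "7.0.1", "7.0.2"):
        print(ver, exposed(ver, SAMPLE, url_rewriting=True))
```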