Mikhail Khramenkov

**Name of the Vulnerable Software and Affected Versions** pixxio extension for TYPO3 versions prior to 1.0.6 **Description** An issue in the pixxio extension for TYPO3 allows an attacker to exploit a Server-Side Request Forgery (SSRF) vulnerability. This occurs because the extension fails to restrict image downloads to the configured pixx.io DAM URL. As a result, an attacker can download content from a remote location and save it to a user-controlled filename, potentially leading to Remote Code Execution. Exploitation requires a TYPO3 backend user account. **Recommendations** For versions prior to 1.0.6, update to version 1.0.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** pixxio extension versions prior to 1.0.6 for TYPO3 **Description** The Access Control in the bundled media browser of the pixxio extension is broken. This allows an unauthenticated attacker to perform requests to the `pixx.io API` for the configured `API user`, enabling the download of various media files from the DAM system. **Recommendations** For versions prior to 1.0.6, update to version 1.0.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the bundled media browser to prevent unauthorized requests to the `pixx.io API`.

**Name of the Vulnerable Software and Affected Versions** October CMS versions prior to Build 472 and v1.1.5 **Description** The issue is related to an improper authentication mechanism in the October CMS platform, which is based on the Laravel PHP Framework. An attacker can exploit this by requesting an account password reset and then gaining access to the account using a specially crafted request. **Recommendations** For versions prior to Build 472 and v1.1.5, update to Build 472 or v1.1.5 to resolve the issue. As a temporary workaround, consider restricting access to the account password reset feature until the update is applied.

Name of the Vulnerable Software and Affected Versions: october/system package versions prior to v1.1.5 october/system package versions prior to Build 472 Description: The issue allows an attacker to bypass authentication and take over a user account on an October CMS server. This can be exploited by unauthenticated users via a specially crafted request, affecting only frontend users. To exploit this vulnerability, the attacker must obtain a Laravel secret key for cookie encryption and signing. Recommendations: For versions prior to v1.1.5, update to v1.1.5 or later to resolve the issue. For versions prior to Build 472, update to Build 472 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the October CMS server until the issue is resolved. Avoid using the vulnerable `october/system` package until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Contao versions 4.0.0 through 4.4.55 Contao versions 4.0.0 through 4.9.17 Contao versions 4.0.0 through 4.11.6 Description: The issue allows backend cross-site scripting (XSS) via HTML attributes to an HTML field. This can be exploited by untrusted users who have the rights to modify HTML fields, such as those using TinyMCE. The malicious code can be executed both in the element preview in the back end and on the website in the front end. Recommendations: For Contao versions 4.0.0 through 4.4.55, update to Contao 4.4.56. For Contao versions 4.0.0 through 4.9.17, update to Contao 4.9.18. For Contao versions 4.0.0 through 4.11.6, update to Contao 4.11.7. As a temporary workaround, consider disabling all fields that allow HTML for untrusted back end users or disable the login for these users.

**Name of the Vulnerable Software and Affected Versions** yoast seo extension versions prior to 7.2.1 for TYPO3 **Description** The issue allows for Server-Side Request Forgery (SSRF) via a backend user account. SSRF is a type of attack where an attacker can trick a server into making requests to internal or external resources, potentially leading to unauthorized access or information disclosure. **Recommendations** For versions prior to 7.2.1, update to version 7.2.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** media2click (aka 2 Clicks for External Media) extension versions 1.x before 1.3.3 for TYPO3 **Description** The issue allows for XSS by a backend user account. **Recommendations** For media2click (aka 2 Clicks for External Media) extension versions 1.x before 1.3.3, update to version 1.3.3 or later to resolve the issue.