PT-2021-14432 · Typo3 · Typo3
Alexander Kellner · Published 2021-03-23 · Updated 2024-03-06 · CVE-2021-21338
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
TYPO3 versions prior to 6.2.57
TYPO3 versions prior to 7.6.51
TYPO3 versions prior to 8.7.40
TYPO3 versions prior to 9.5.25
TYPO3 versions prior to 10.4.14
TYPO3 versions prior to 11.1.1
Description
The login handling in TYPO3 is susceptible to open redirection, which allows attackers to redirect users to arbitrary content and conduct phishing attacks. No authentication is required to exploit this issue.
Recommendations
Update to version 6.2.57
Update to version 7.6.51
Update to version 8.7.40
Update to version 9.5.25
Update to version 10.4.14
Update to version 11.1.1
Exploit
Fix
Open Redirect
Affected Products
Typo3