CVE-2010-3661 – typo3/cms-backend

Package

Manager: composer
Name: typo3/cms-backend
Vulnerable Version: >=0 <4.1.14 || >=4.2.0 <4.2.13 || >=4.3.0 <4.3.4 || >=4.4.0 <4.4.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0027 pctl0.50204

Details

TYPO3 Open Redirection vulnerability on the backend TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend.

Metadata

Created: 2022-04-21T01:57:46Z
Modified: 2024-02-06T23:03:14Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-j628-384g-rmgc/GHSA-j628-384g-rmgc.json
CWE IDs: ["CWE-601"]
Alternative ID: GHSA-j628-384g-rmgc
Finding: F156
Auto approve: 1