CVE-2021-21338: Open Redirect in Typo3

CWE-601 Open Redirect | 4 documents | 4 sources

Severity
NVD: 6.1 MEDIUM
CNA: 4.7
EPSS
0.3% (top 51.35%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 23

Description

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that Login Handling is susceptible to open redirection, which allows attackers to redirect users to arbitrary content and conduct phishing attacks. No authentication is required in order to exploit this vulnerability. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (4 packages)

Packagist   typo3/cms        10.0.0 to 10.4.14   +2 more ranges
NVD         typo3/typo3      6.2.0 to 6.2.57     +5 more ranges
Packagist   typo3/cms-core   6.2.0 to 6.2.57     +5 more ranges
CVEList V5  typo3/typo3.cms  6 versions          +5 more ranges

Vulnerability Details (3)

CVEList: Open Redirection in Login Handling (2021-03-23)
GHSA: Open Redirection in Login Handling (2021-03-23)
OSV: Open Redirection in Login Handling (2021-03-23)
CVE-2021-21338 — Open Redirect in Typo3 | cvebase