CVE-2024-55920Cross-Site Request Forgery in Typo3

CWE-352Cross-Site Request ForgeryCWE-749Exposed Dangerous Method or Function4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.5%
top 35.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Typo3Typo3 Cms-dashboard
Timeline
PublishedJan 14

Description

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session o

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

Packagisttypo3/cms-dashboard10.0.010.4.48+3
NVDtypo3/typo310.0.010.4.48+3
CVEListV5typo3/typo34 versions+3

🔴Vulnerability Details

3
CVEList
Cross-Site Request Forgery in Dashboard Module in TYPO32025-01-14
GHSA
TYPO3 Cross-Site Request Forgery in Dashboard Module2025-01-14
OSV
TYPO3 Cross-Site Request Forgery in Dashboard Module2025-01-14
CVE-2024-55920 — Cross-Site Request Forgery in Typo3 | cvebase