Vulnerability Database

308,379

Total vulnerabilities in the database

TYPO3 Security Misconfiguration in Install Tool Cookie

It has been discovered that cookies created in the Install Tool are not hardened to be submitted only via HTTP. In combination with other vulnerabilities such as cross-site scripting it can lead to hijacking an active and valid session in the Install Tool.

Published: Jun 7, 2024
Updated: Jun 27, 2024
GHSA: GHSA-f777-f784-36gm
Severity: High
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWEs:

CWE-1004

Affected Software
References

Software	From	Fixed in
typo3 / cms	7.0.0	7.6.32
typo3 / cms	8.0.0	8.7.21
typo3 / cms	9.0.0	9.5.2

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-4.yaml
https://github.com/TYPO3/typo3/commit/13328b0f74ac589a20b021db814dfa672581c26a
https://github.com/TYPO3/typo3/commit/918e50e4d20d88c7e40ad3bb134267d07706b0b1
https://github.com/TYPO3/typo3/commit/a5359491e3fb3164a6ba96a66c8e67fbb9971a4c
https://typo3.org/security/advisory/typo3-core-sa-2018-009

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo