Arbitrary Domain URL Manipulation in TYPO3 Frontend Rendering Component

Arbitrary Domain URL Manipulation in TYPO3 Frontend Rendering Component

CVE-2014-9508 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors.

Learn more about our Web Application Penetration Testing UK.