Description

TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields.

Remediation

References

CVE-2017-6370

Related Vulnerabilities

Jetty Improper Resource Shutdown or Release Vulnerability (CVE-2022-2191)

Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-44449)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-10406)

WordPress Plugin Google Analytics Dashboard Cross-Site Scripting (2.1.1)

WordPress Plugin Quick Post Widget Multiple Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities (1.9.1)

Severity

Medium

Classification

CVE-2017-6370 CWE-319 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities