Description

The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consumption) via a "Cache Poisoning" attack using a URL with arbitrary arguments, which triggers a reload of the page.

Remediation

References

CVE-2014-9509

Related Vulnerabilities

Atlassian Confluence Missing Authorization Vulnerability (CVE-2019-15005)

jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41184)

MySQL CVE-2019-2789 Vulnerability (CVE-2019-2789)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-5835)

WordPress Plugin Salon Booking System Cross-Site Request Forgery (3.13.1)

Severity

High

Classification

CVE-2014-9509 CWE-20

Tags

Missing Update Known Vulnerabilities