Description
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors.
Remediation
References
Related Vulnerabilities
Play Framework Inadequate Encryption Strength Vulnerability (CVE-2019-17598)
WordPress Plugin ReFlex Gallery Arbitrary File Upload (3.1.3)
Moodle Other Vulnerability (CVE-2004-2235)
WordPress Plugin WP Editor Arbitrary File Upload (1.2.5.3)
ownCloud Improper Input Validation Vulnerability (CVE-2013-1939)