Description
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Header Images Cross-Site Scripting (2.0.0)
WebLogic CVE-2019-2568 Vulnerability (CVE-2019-2568)
WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-4448)
Magento Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-7864)
Oracle Database Server CVE-2020-2510 Vulnerability (CVE-2020-2510)