Description

The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors.

Remediation

References

CVE-2014-9508

Related Vulnerabilities

Moodle Other Vulnerability (CVE-2004-1711)

Apache HTTP Server Other Vulnerability (CVE-2003-0134)

Ramda Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2021-42581)

WordPress Plugin Icon Widget Cross-Site Scripting (1.2.6)

MediaWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-31547)

Severity

Medium

Classification

CVE-2014-9508 CWE-59

Tags

Missing Update Known Vulnerabilities