Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
TYPO3 URL Redirection to Untrusted Site (Open Redirect) Vulnerability - CVE-2020-15241 - Vulnerability Database
TYPO3

TYPO3 URL Redirection to Untrusted Site (Open Redirect) Vulnerability - CVE-2020-15241

Medium
Reference: CVE-2020-15241
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2020-15241
Title: TYPO3 URL Redirection to Untrusted Site (Open Redirect) Vulnerability
Overview:

TYPO3 Fluid Engine (package typo3fluid/fluid) before versions 2.0.5 2.1.4 2.2.1 2.3.5 2.4.1 2.5.5 or 2.6.1 is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like showFullName fullName : defaultValue. Updated versions of this package are bundled in following TYPO3 (typo3/cms-core) versions as well: TYPO3 v8.7.25 (using typo3fluid/fluid v2.5.4) and TYPO3 v9.5.6 (using typo3fluid/fluid v2.6.1).