CVE-2015-2821
TYPO3 Neos 1.1.x-1.1.2 and 1.2.x-1.2.2 - Unauthorized Content Node Access and Modification
Title source: llmDescription
TYPO3 Neos 1.1.x before 1.1.3 and 1.2.x before 1.2.3 allows remote editors to access, create, and modify content nodes in the workspace of other editors via unspecified vectors.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
http://typo3.org/teams/security/security-bulletins/typo3-neos/typo3-neos-sa-2015-001/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/73700
Scores
EPSS
0.0032
EPSS Percentile
54.7%
Details
CWE
CWE-264
Status
published
Products (6)
typo3/neos
1.1.0
typo3/neos
1.1.1
typo3/neos
1.1.2
typo3/neos
1.2.0
typo3/neos
1.2.1
typo3/neos
1.2.2
Published
Apr 01, 2015
Tracked Since
Feb 18, 2026