CVE-2021-21338

MEDIUM

TYPO3 < 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 - Unauthenticated Open Redirect via Login Handling

Title source: llm

Description

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1.

References (3)

Core 3

Core References

Third Party Advisory x_refsource_confirm

https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4jhw-2p6j-5wmp

Release Notes, Third Party Advisory x_refsource_misc

https://packagist.org/packages/typo3/cms-core

Vendor Advisory x_refsource_misc

https://typo3.org/security/advisory/typo3-core-sa-2021-001

Scores

CVSS v3 4.7

EPSS 0.0025

EPSS Percentile 48.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Details

CWE

CWE-601

Status published

Products (3)

typo3/cms 10.0.0 - 10.4.14Packagist

typo3/cms-core 6.2.0 - 6.2.57Packagist

typo3/typo3 6.2.0 - 6.2.57

Published Mar 23, 2021

Tracked Since Feb 18, 2026