CVE-2024-34537

MEDIUM

TYPO3 < 13.3.1 - Authenticated Denial of Service in Bookmark Toolbar

Title source: llm

Description

TYPO3 before 13.3.1 allows denial of service (interface error) in the Bookmark Toolbar (ext:backend), exploitable by an administrator-level backend user account via manipulated data saved in the bookmark toolbar of the backend user interface. The fixed versions are 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, and 13.3.1.

References (3)

Core 3

Core References

Vendor Advisory

https://github.com/TYPO3/typo3/security/advisories/GHSA-ffcv-v6pw-qhrp

Vendor Advisory

https://typo3.org/security/advisory/typo3-core-sa-2024-011

Exploit, Third Party Advisory

https://www.mgm-sp.com/cve/denial-of-service-in-typo3-bookmark-toolbar

Scores

CVSS v3 4.9

EPSS 0.0025

EPSS Percentile 48.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

Status published

Products (2)

typo3/cms-backend 13.0.0 - 13.3.1Packagist

typo3/typo3 10.0.0 - 10.4.46

Published Oct 28, 2024

Tracked Since Feb 18, 2026