CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Description: Problem. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method.
Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions:
- the user opens a malicious link, such as one sent via email;
- the user visits a compromised or manipulated website while the following settings are misconfigured: the security.backend.enforceReferrer feature is disabled, and the BE/cookieSameSite configuration is set to lax or none.
The vulnerability in the affected downstream component “Dashboard Module” allows attackers to manipulate the victim’s dashboard configuration.
Solution. Update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS that fix the problem described.
Credits. Thanks to Gabriel Dimitrov who reported this issue and to TYPO3 core and security members Benjamin Franzke, Oliver Hader, Andreas Kienast, Torben Hansen, Elias Häußler who fixed the issue.
References: TYPO3-CORE-SA-2025-005, https://github.com/TYPO3/typo3/security/advisories/GHSA-qwx7-39pw-2mhr, https://github.com/TYPO3-CMS/dashboard/commit/c2e5dbdda87...
Source: Github Advisory Database (Composer)
January 14th, 2025 (6 months ago)
Description: Problem. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method.
Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions:
- the user opens a malicious link, such as one sent via email;
- the user visits a compromised or manipulated website while the following settings are misconfigured: the security.backend.enforceReferrer feature is disabled, and the BE/cookieSameSite configuration is set to lax or none.
The vulnerability in the affected downstream component “Extension Manager Module” allows attackers to retrieve and install 3rd party extensions from the TYPO3 Extension Repository, which can lead to remote code execution in the worst case.
Solution. Update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS that fix the problem described.
Credits. Thanks to Gabriel Dimitrov who reported this issue and to TYPO3 core and security members Benjamin Franzke, Oliver Hader, Andreas Kienast, Torben Hansen, Elias Häußler who fixed the issue.
References: TYPO3-CORE-SA-2025-006, https://github.com/TYPO3/typo3...
Source: Github Advisory Database (Composer)
January 14th, 2025 (6 months ago)
Description: Problem. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method.
Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions:
- the user opens a malicious link, such as one sent via email;
- the user visits a compromised or manipulated website while the following settings are misconfigured: the security.backend.enforceReferrer feature is disabled, and the BE/cookieSameSite configuration is set to lax or none.
The vulnerability in the affected downstream component “Form Framework Module” allows attackers to manipulate or delete persisted form definitions.
Solution. Update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS that fix the problem described.
Credits. Thanks to Gabriel Dimitrov who reported this issue and to TYPO3 core and security members Benjamin Franzke, Oliver Hader, Andreas Kienast, Torben Hansen, Elias Häußler who fixed the issue.
References: TYPO3-CORE-SA-2025-007, https://github.com/TYPO3/typo3/security/advisories/GHSA-ww7h-g2qf-7xv6, https://github.com/TYPO3-CMS/form/commit/93327743f5d...
Source: Github Advisory Database (Composer)
January 14th, 2025 (6 months ago)
Description: Problem. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method.
Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions:
- the user opens a malicious link, such as one sent via email;
- the user visits a compromised or manipulated website while the following settings are misconfigured: the security.backend.enforceReferrer feature is disabled, and the BE/cookieSameSite configuration is set to lax or none.
The vulnerability in the affected downstream component “Indexed Search Module” allows attackers to delete items of the component.
Solution. Update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS that fix the problem described.
Credits. Thanks to Gabriel Dimitrov who reported this issue and to TYPO3 core and security members Benjamin Franzke, Oliver Hader, Andreas Kienast, Torben Hansen, Elias Häußler who fixed the issue.
References: TYPO3-CORE-SA-2025-008, https://github.com/TYPO3/typo3/security/advisories/GHSA-7r5q-4qgx-v545, https://github.com/TYPO3-CMS/indexed_search/commit/cfda3f1edeea3c50034...
Source: Github Advisory Database (Composer)
January 14th, 2025 (6 months ago)
Description: Problem. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method.
Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions:
- the user opens a malicious link, such as one sent via email;
- the user visits a compromised or manipulated website while the following settings are misconfigured: the security.backend.enforceReferrer feature is disabled, and the BE/cookieSameSite configuration is set to lax or none.
The vulnerability in the affected downstream component “Scheduler Module” allows attackers to trigger pre-defined command classes, which can lead to unauthorized import or export of data in the worst case.
Solution. Update to TYPO3 version 11.5.42 ELTS, which fixes the problem described.
Credits. Thanks to Gabriel Dimitrov who reported this issue and to TYPO3 core and security members Benjamin Franzke, Oliver Hader, Andreas Kienast, Torben Hansen, Elias Häußler who fixed the issue.
References: TYPO3-CORE-SA-2025-009, https://github.com/TYPO3/typo3/security/advisories/GHSA-7835-fcv3-g256, https://typo3.or...
Source: Github Advisory Database (Composer)
January 14th, 2025 (6 months ago)
Description: Problem. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method.
Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions:
- the user opens a malicious link, such as one sent via email;
- the user visits a compromised or manipulated website while the following settings are misconfigured: the security.backend.enforceReferrer feature is disabled, and the BE/cookieSameSite configuration is set to lax or none.
The vulnerability in the affected downstream component “DB Check Module” allows attackers to manipulate data through unauthorized actions.
Solution. Update to TYPO3 version 11.5.42 ELTS, which fixes the problem described.
Credits. Thanks to Gabriel Dimitrov who reported this issue and to TYPO3 core and security members Benjamin Franzke, Oliver Hader, Andreas Kienast, Torben Hansen, Elias Häußler who fixed the issue.
References: TYPO3-CORE-SA-2025-010, https://github.com/TYPO3/typo3/security/advisories/GHSA-8mv3-37rc-pvxj, https://typo3.org/security/advisory/typo3-core-sa-2025-010, https://github.com/adviso...
Source: Github Advisory Database (Composer)
January 14th, 2025 (6 months ago)
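The six TYPO3 advisories above (TYPO3-CORE-SA-2025-005 through -010) share one root cause: a backend deep link to a state-changing module action is accepted over GET with no CSRF token, so the only things standing between an attacker's link and the victim's session are the browser's SameSite cookie rule and the backend's referrer check. The following Python model is an added example written for this page; it is not TYPO3 code and not taken from the advisories. It assumes fictional origins, a cookie name, a one-entry session store and an HMAC-based token scheme, and it simplifies security.backend.enforceReferrer to "reject a Referer from a foreign origin, tolerate a missing one" (TYPO3's real implementation differs in detail). It runs the advisories' two scenarios (a mailed link, a link or form on a manipulated website) against a pre-fix and a post-fix handler under each BE/cookieSameSite value, so the listed conditions can be checked offline.

```python
"""Model of the TYPO3 backend "deep link" CSRF condition.

Constructed example, not TYPO3 code. It models what the advisories name:
a state-changing module action that accepts GET, the BE/cookieSameSite
setting, and the security.backend.enforceReferrer gate (simplified to
"reject a foreign Referer, tolerate a missing one"). Origins, cookie name,
session store and token scheme are assumptions.
"""
import hashlib
import hmac
from dataclasses import dataclass

BACKEND_ORIGIN = "https://cms.example.test"    # assumed backend origin
ATTACKER_ORIGIN = "https://evil.example.test"  # assumed attacker site
SERVER_SECRET = b"constructed-secret"           # stands in for a server-side key
SESSIONS = {"sess-abc": "admin"}                # constructed: cookie value -> user
DASHBOARD = {"admin": ["sys-info"]}             # constructed: state the action mutates
EVIL = {"widgets": ["evil"]}                    # attacker-chosen parameters


@dataclass
class Request:
    method: str
    cookies: dict
    headers: dict
    params: dict

def cookie_sent_cross_site(same_site: str, method: str) -> bool:
    """Browser SameSite rule for a top-level navigation another site started."""
    same_site = same_site.lower()
    if same_site == "none":
        return True              # always attached
    if same_site == "lax":
        return method == "GET"   # attached on top-level GET navigations only
    if same_site == "strict":
        return False             # never attached cross-site
    raise ValueError(f"unknown SameSite value: {same_site}")

def browser_request(method, params, initiator, same_site) -> Request:
    """Request the browser sends to the backend on behalf of `initiator`.

    initiator=None models a link opened from a mail client: no Referer at all.
    """
    cookies = {}
    if initiator == BACKEND_ORIGIN or cookie_sent_cross_site(same_site, method):
        cookies["be_typo_user"] = "sess-abc"
    headers = {} if initiator is None else {"Referer": initiator + "/"}
    return Request(method, cookies, headers, params)

def csrf_token(user: str) -> str:
    """Per-user token derived from the server secret; models a module token."""
    return hmac.new(SERVER_SECRET, user.encode(), hashlib.sha256).hexdigest()

def vulnerable_set_widgets(req: Request) -> int:
    """Pre-fix shape: any HTTP method, no token; a valid session is enough."""
    user = SESSIONS.get(req.cookies.get("be_typo_user"))
    if user is None:
        return 401
    DASHBOARD[user] = list(req.params["widgets"])   # state change, even on GET
    return 200

def hardened_set_widgets(req: Request) -> int:
    """Post-fix shape: POST only, plus a token the attacker cannot obtain."""
    user = SESSIONS.get(req.cookies.get("be_typo_user"))
    if user is None:
        return 401
    if req.method != "POST":
        return 405
    if not hmac.compare_digest(req.params.get("token", ""), csrf_token(user)):
        return 403
    DASHBOARD[user] = list(req.params["widgets"])
    return 200

def dispatch(handler, req: Request, enforce_referrer: bool) -> int:
    """Backend entry point: the simplified referrer gate, then the module action."""
    referer = req.headers.get("Referer")
    if enforce_referrer and referer is not None and not referer.startswith(BACKEND_ORIGIN + "/"):
        return 403
    return handler(req)

# The advisory's two scenarios plus a forged POST and a legitimate one.
# Each returns the status the victim's browser gets; 200 means the dashboard changed.
def mailed_link(handler, same_site, enforce_referrer=True) -> int:
    return dispatch(handler, browser_request("GET", EVIL, None, same_site), enforce_referrer)

def attacker_page_link(handler, same_site, enforce_referrer) -> int:
    return dispatch(handler, browser_request("GET", EVIL, ATTACKER_ORIGIN, same_site), enforce_referrer)

def attacker_page_form(handler, same_site, enforce_referrer) -> int:
    return dispatch(handler, browser_request("POST", EVIL, ATTACKER_ORIGIN, same_site), enforce_referrer)

def legitimate_post(handler) -> int:
    params = {"widgets": ["sys-info", "news"], "token": csrf_token("admin")}
    return dispatch(handler, browser_request("POST", params, BACKEND_ORIGIN, "lax"), True)
```

In the model, `mailed_link(vulnerable_set_widgets, "lax")` returns 200: a top-level GET navigation carries a Lax cookie and arrives with no Referer, so neither setting helps, which is why the advisories list the mailed link without conditions. `attacker_page_link(vulnerable_set_widgets, "lax", True)` returns 403 and the same call with `False` returns 200, matching the "enforceReferrer disabled and cookieSameSite lax or none" condition for the manipulated-website case. Against `hardened_set_widgets` every forged request fails (405 for GET, 401 or 403 for a cross-site POST) while `legitimate_post` still succeeds. On a real instance the two settings the advisories name are `$GLOBALS['TYPO3_CONF_VARS']['BE']['cookieSameSite']` and `$GLOBALS['TYPO3_CONF_VARS']['SYS']['features']['security.backend.enforceReferrer']`; `strict` and `true` narrow the exposure (at the cost that external links into the backend no longer arrive logged in), but the fix is the version update, since only the module code can refuse GET and demand a token.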
Description: Impact. NOTE: The Realtime WYSIWYG Editor extension was experimental, and thus not recommended, in the versions affected by this vulnerability. It has become enabled by default, and thus recommended, starting with XWiki 16.9.0.
A user with only edit right can join a realtime editing session where others, who were already there or who may join later, have script or programming access rights. This user can then insert script rendering macros that are executed for those users in the realtime session that have script or programming rights. The inserted scripts can be used to gain more access rights.
Here's an example that works with XWiki 15.10.9+ and 16.2.0+:
- the attacker starts editing a wiki page in realtime (for which they have edit right);
- another user, with script or programming access right, joins the editing session (e.g. by clicking on a link / URL provided by the attacker);
- the attacker inserts a script rendering macro, say {{velocity}}I can run scripts{{/velocity}}, in the edited content, using the WYSIWYG editor UI;
- the edited content is reloaded for both the attacker and the other user, in order to render the inserted macro;
- the attacker gets a rendering error message;
- the other user sees "I can run scripts".
The attacker can obviously use more advanced scripts to gain access rights. Before XWiki 15.10.9 and 16.2.0 the edited content was not re-rendered for all the users in the editing session, but only for the user that inserted the macro. This means that in orde...
Source: Github Advisory Database (Maven)
January 14th, 2025 (6 months ago)
Description: RipperSec Targeted the Website of NISHTHA
Source: DarkWebInformer
January 14th, 2025 (6 months ago)
Description: Threat actors are utilizing the FastHTTP Go library to launch high-speed brute-force password attacks targeting Microsoft 365 accounts globally. [...]
Source: BleepingComputer
January 14th, 2025 (6 months ago)
Description: Today, CISA released the JCDC AI Cybersecurity Collaboration Playbook and Fact Sheet to foster operational collaboration among government, industry, and international partners and strengthen artificial intelligence (AI) cybersecurity. The playbook provides voluntary information-sharing processes that, if adopted, can help protect organizations from emerging AI threats. Specifically, the playbook:
- Facilitates collaboration between federal agencies, private industry, international partners, and other stakeholders to raise awareness of AI cybersecurity risks and improve the resilience of AI systems.
- Guides JCDC partners on how to voluntarily share information related to cybersecurity incidents and vulnerabilities associated with AI systems.
- Delineates information-sharing protections and mechanisms.
- Outlines CISA’s actions upon receiving shared information.
CISA urges JCDC partners to integrate the playbook into their incident response and information-sharing processes, make iterative improvements as needed, and provide feedback to CISA through [email protected]. Not a partner? Join JCDC to engage in synchronized cybersecurity planning, cyber defense, and response. Learn more by visiting CISA’s JCDC webpage and emailing [email protected].
Source: All CISA Advisories
January 14th, 2025 (6 months ago)