Description

The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consumption) via a "Cache Poisoning" attack using a URL with arbitrary arguments, which triggers a reload of the page.

Remediation

References

CVE-2014-9509

Related Vulnerabilities

WordPress Plugin Roomcloud Multiple Cross-Site Scripting Vulnerabilities (1.1)

Oracle HTTP Server Use of Insufficiently Random Values Vulnerability (CVE-2020-35163)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-36675)

Jboss EAP Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-12629)

XWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-46242)

Severity

High

Classification

CVE-2014-9509 CWE-20

Tags

Missing Update Known Vulnerabilities