cvedb.io
CVE-2024-55924
HIGH · CVSS 8
EPSS exploitation probability: 0%
Published 2025-01-14T20:15:30.367 · Last modified 2026-06-17T08:11:27.453

Summary

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings

Affected products

typo3 — typo3

Does this affect you?

Add your gear to cvedb and we'll alert you only when typo3 ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.