QSearchQSearch

CVE-2026-47347

Applications that use GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to open redirect attacks if the URL is use...

Published: 2026-06-09 · Last updated: 2026-06-09

Severity and scoring

CWE
CWE-601

Description

Applications that use GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to open redirect attacks if the URL is used after it has passed the aforementioned sanitization checks. This enables attackers to redirect users to external content and carry out phishing attacks. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.50, 12.0.0-12.4.45, 13.0.0-13.4.30 and 14.0.0-14.3.2.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-41706 Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cookie so that us... (6.1 MEDIUM)
  • CVE-2026-41008 Spring Security Authorization Server's authorization endpoint performs insufficient validation of the request_uri parameter (6.1 MEDIUM)
  • CVE-2026-47991 Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Redirect (Open Redirect) vulnerability... (4.3 MEDIUM)
  • CVE-2026-28301 A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website (4.8 MEDIUM)
  • CVE-2026-41844 A Spring MVC or Spring WebFlux application which configures a mapping for "/**" where the view name is not explicitly specified allows an... (4.2 MEDIUM)