ByteOS Network

NVD Vulnerability Details :

CVE-2026-47347

Received

Source-f4fb688c-4412-4426-b4b8-421ecf27b14a

Published At-09 Jun, 2026 | 11:16

Updated At-09 Jun, 2026 | 11:16

Applications that use GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to open redirect attacks if the URL is used after it has passed the aforementioned sanitization checks. This enables attackers to redirect users to external content and carry out phishing attacks. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.50, 12.0.0-12.4.45, 13.0.0-13.4.30 and 14.0.0-14.3.2.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	5.3	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 4.0

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Weaknesses

CWE ID	Type	Source
CWE-601	Secondary	f4fb688c-4412-4426-b4b8-421ecf27b14a

CWE ID: CWE-601

Type: Secondary

Source: f4fb688c-4412-4426-b4b8-421ecf27b14a

References

Hyperlink	Source	Resource
https://github.com/TYPO3/typo3/commit/22c2dd5398ebc4cb7aa4aa37e02cb39181dee0cd	f4fb688c-4412-4426-b4b8-421ecf27b14a	N/A
https://github.com/TYPO3/typo3/commit/3ffc0835012c6199db0e1dc4b56a77147d8600e0	f4fb688c-4412-4426-b4b8-421ecf27b14a	N/A
https://typo3.org/security/advisory/typo3-core-sa-2026-009	f4fb688c-4412-4426-b4b8-421ecf27b14a	N/A