← Back

Kitodo.presentation

kitodo.presentation

Vendor: Kitodo • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-24980
1Kitodo
1Kitodo.presentation
Nov 21, 2024
Feb 19, 2022
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
An issue was discovered in the Kitodo.Presentation (aka dif) extension before 2.3.2, 3.x before 3.2.3, and 3.3.x before 3.3.4 for TYPO3. A missing access check in an eID script allows an unauthenticated user to submit ar...Show more
An issue was discovered in the Kitodo.Presentation (aka dif) extension before 2.3.2, 3.x before 3.2.3, and 3.3.x before 3.3.4 for TYPO3. A missing access check in an eID script allows an unauthenticated user to submit arbitrary URLs to this component. This results in SSRF, allowing attackers to view the content of any file or webpage the webserver has access to.Show less
CVE-2020-16095
1Kitodo
1Kitodo.presentation
Nov 21, 2024
Jul 29, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The dlf (aka Kitodo.Presentation) extension before 3.1.2 for TYPO3 allows XSS.