CVE-2013-1843
CVE-2013-1843 is a medium-severity vulnerability in Typo3 with a CVSS 2.0 base score of 6.4. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-399.
Key facts
- Severity: Medium (CVSS 2.0 base score 6.4)
- EPSS exploit prediction: 2% (82nd percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-399
- Affected product: Typo3
- Published:
- Last modified:
Description
Open redirect vulnerability in the Access tracking mechanism in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Frequently asked questions
- What is CVE-2013-1843?
- Open redirect vulnerability in the Access tracking mechanism in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
- How severe is CVE-2013-1843?
- CVE-2013-1843 has a CVSS 2.0 base score of 6.4, rated medium severity.
- Is CVE-2013-1843 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (82nd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2013-1843?
- CVE-2013-1843 primarily affects Typo3. In total, 54 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2013-1843?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2013-1843 published?
- CVE-2013-1843 was published on 2013-03-20 and last updated on 2026-06-16.
References
- http://lists.opensuse.org/opensuse-updates/2013-03/msg00079.html
- http://secunia.com/advisories/52433
- http://secunia.com/advisories/52638
- http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core/
- http://www.debian.org/security/2013/dsa-2646
- http://www.openwall.com/lists/oss-security/2013/03/12/3
- http://www.osvdb.org/90924
- http://www.securityfocus.com/bid/58330
Affected products (54)
- cpe:2.3:a:typo3:typo3:4.5:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.14:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.15:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.16:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.17:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.18:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.19:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.22:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.23:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.6:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.6.9:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.6.10:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.6.11:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.6.12:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.6.13:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.6.14:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.6.15:*:*:*:*:*:*:*
More vulnerabilities in Typo3
- CVE-2009-0258 — Critical (CVSS 10.0): The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and…
- CVE-2011-3583 — Critical (CVSS 9.8): It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not…
- CVE-2011-4628 — Critical (CVSS 9.8): TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication…
- CVE-2025-59017 — High (CVSS 8.8): Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53,…
- CVE-2023-24814 — High (CVSS 8.8): TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected…
- CVE-2021-41113 — High (CVSS 8.8): TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that…
Other CWE-399 (Resource Management Errors) vulnerabilities
- CVE-2015-8104 — Critical (CVSS 10.0): The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a…
- CVE-2015-0339 — Critical (CVSS 10.0): Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before…
- CVE-2015-0335 — Critical (CVSS 10.0): Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before…
- CVE-2015-0333 — Critical (CVSS 10.0): Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before…
- CVE-2014-4121 — Critical (CVSS 10.0): Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized…
- CVE-2014-0560 — Critical (CVSS 10.0): Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS…
Browse all CWE-399 (Resource Management Errors) vulnerabilities →