https://vulnerability.circl.lu/sightings/feedMost recent sightings.2026-05-10T13:36:25.649200+00:00Vulnerability-Lookupinfo@circl.lupython-feedgenContains only the most 10 recent sightings.https://vulnerability.circl.lu/sighting/6b777a04-7597-4ff3-b129-9a8d1d6e5b30/export6b777a04-7597-4ff3-b129-9a8d1d6e5b302026-05-10T13:36:26.005313+00:00Automation userhttp://cve.circl.lu/user/automation{"uuid": "6b777a04-7597-4ff3-b129-9a8d1d6e5b30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38499", "type": "seen", "source": "https://t.me/cibsecurity/67258", "content": "\u203c CVE-2023-38499 \u203c\n\nTYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters `id` and `L` allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site by adding handcrafted query parameters to the URL of a site that was publicly available. TYPO3 versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, 12.4.4 fix the problem.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-26T00:27:10.000000Z"}2023-07-26T00:27:10+00:00