CVE-2010-3661
Description
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
TYPO3 backend open redirection vulnerability in versions before 4.1.14, 4.2.13, 4.3.4, and 4.4.1 allows attackers to redirect users to arbitrary external URLs.
CVE-2010-3661 describes an open redirection vulnerability in the TYPO3 backend. The issue arises from insufficient sanitization of user input in several backend components, allowing attackers to craft URLs that redirect users to arbitrary external destinations [1].
To exploit this vulnerability, an attacker must have a valid backend login, as the open redirection is present within authenticated areas of the TYPO3 backend. The attacker can then manipulate redirect parameters to point to malicious websites [1].
Successful exploitation could be used for phishing attacks, where victims are redirected to attacker-controlled pages that mimic legitimate TYPO3 interfaces, potentially leading to credential theft or other malicious activities [2].
TYPO3 addressed the vulnerability by releasing versions 4.1.14, 4.2.13, 4.3.4, and 4.4.1. Users are strongly advised to upgrade to these fixed versions to mitigate the risk [1][4].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| typo3/cms-backend (Packagist) | < 4.1.14 | 4.1.14 |
| typo3/cms-backend (Packagist) | >= 4.2.0, < 4.2.13 | 4.2.13 |
| typo3/cms-backend (Packagist) | >= 4.3.0, < 4.3.4 | 4.3.4 |
| typo3/cms-backend (Packagist) | >= 4.4.0, < 4.4.1 | 4.4.1 |
Affected products
- TYPO3/TYPO3
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-j628-384g-rmgc (ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2010-3661 (ADVISORY)
- bugs.debian.org/cgi-bin/bugreport.cgi (MISC)
- security-tracker.debian.org/tracker/CVE-2010-3661 (MISC)
- typo3.org/security/advisory/typo3-sa-2010-012/ (CONFIRM)