Latest TYPO3 Vulnerabilities

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-w6x2-jg8h-p6mp. This link is maintained to preserve external references. Original Description: In TYPO3 11.5...
Typo3 Typo3=11.5.24
composer/typo3/cms-core=11.5.24
composer/typo3/cms-core=13.0.0
composer/typo3/cms-core>=12.0.0<=12.4.10
composer/typo3/cms-core>=11.0.0<=11.5.34
composer/typo3/cms-core>=10.0.0<=10.4.42
and 2 more
By-passing Cross-Site Scripting Protection in HTML Sanitizer
composer/typo3/html-sanitizer>=2.0.0<=2.1.3
composer/typo3/html-sanitizer>=1.0.0<=1.5.2
TYPO3 HTML Sanitizer>=1.0.0<1.5.3
TYPO3 HTML Sanitizer>=2.0.0<2.1.4
Typo3 Typo3>=8.7.42<8.7.55
Typo3 Typo3>=9.5.29<9.5.44
and 3 more
Information Disclosure in Install Tool in typo3/cms-install
composer/typo3/cms-install>=12.2.0<12.4.8
Typo3 Typo3>=12.2.0<12.4.8
Weak Authentication in Session Handling in typo3/cms-core
Typo3 Typo3>=8.0.0<8.7.55
Typo3 Typo3>=9.0.0<9.5.44
Typo3 Typo3>=10.0.0<10.4.41
Typo3 Typo3>=11.0.0<11.5.33
Typo3 Typo3>=12.0.0<12.4.8
composer/typo3/cms-core>=12.0.0<=12.4.7
and 4 more
CVSS: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C` (3.5). Problem: In multi-site scenarios, enumerating the HTTP query parameters `id` and `L` allowed out-of-scope access to r...
composer/typo3/cms-core>=12.0.0<12.4.4
composer/typo3/cms-core>=11.0.0<11.5.30
composer/typo3/cms-core>=10.0.0<10.4.39
composer/typo3/cms-core>=9.4.0<9.5.42
Typo3 Typo3>=9.4.0<9.5.42
Typo3 Typo3>=10.0.0<10.4.39
and 2 more
TYPO3-CORE-SA-2023-001: Persisted Cross-Site Scripting in Frontend Rendering
composer/typo3/cms>=10.0.0<10.4.35>=11.0.0<11.5.23>=12.0.0<12.2.0
composer/typo3/cms-core>=10.0.0<10.4.35>=11.0.0<11.5.23>=12.0.0<12.2.0
Typo3 Typo3>=8.7.0<9.7.51
Typo3 Typo3>=9.0.0<9.5.40
Typo3 Typo3>=10.0.0<10.4.36
Typo3 Typo3>=11.0.0<11.5.23
and 1 more
TYPO3-CORE-SA-2022-016: Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
composer/typo3/cms-core>=10.0.0<10.4.33>=11.0.0<11.5.20>=12.0.0<12.1.1
composer/typo3/cms>=10.0.0<10.4.33>=11.0.0<11.5.20>=12.0.0<12.1.1
Typo3 Typo3>=9.0.0<9.5.38
Typo3 Typo3>=10.0.0<10.4.33
Typo3 Typo3>=11.0.0<11.5.20
Typo3 Typo3>=12.0.0<12.1.1
TYPO3-CORE-SA-2022-015: Arbitrary Code Execution via Form Framework
composer/typo3/cms-core>=10.0.0<10.4.33>=11.0.0<11.5.20>=12.0.0<12.1.1
composer/typo3/cms>=10.0.0<10.4.33>=11.0.0<11.5.20>=12.0.0<12.1.1
Typo3 Typo3>=8.0.0<8.7.49
Typo3 Typo3>=9.0.0<9.5.38
Typo3 Typo3>=10.0.0<10.4.33
Typo3 Typo3>=11.0.0<11.5.20
and 1 more
TYPO3-CORE-SA-2022-014: Insufficient Session Expiration after Password Reset
composer/typo3/cms-core>=10.0.0<10.4.33>=11.0.0<11.5.20>=12.0.0<12.1.1
composer/typo3/cms>=10.0.0<10.4.33>=11.0.0<11.5.20>=12.0.0<12.1.1
Typo3 Typo3>=10.0.0<10.4.33
Typo3 Typo3>=11.0.0<11.5.20
Typo3 Typo3>=12.0.0<12.1.1
TYPO3-CORE-SA-2022-013: Weak Authentication in Frontend Login
composer/typo3/cms-core>=10.0.0<10.4.33>=11.0.0<11.5.20>=12.0.0<12.1.1
composer/typo3/cms>=10.0.0<10.4.33>=11.0.0<11.5.20>=12.0.0<12.1.1
Typo3 Typo3<8.7.49
Typo3 Typo3>=9.0.0<9.5.38
Typo3 Typo3>=10.0.0<10.4.33
Typo3 Typo3>=11.0.0<11.5.20
and 1 more
TYPO3-CORE-SA-2022-012: Denial of Service in Page Error Handling
composer/typo3/cms-core>=10.0.0<10.4.33>=11.0.0<11.5.20
composer/typo3/cms>=10.0.0<10.4.33>=11.0.0<11.5.20
Typo3 Typo3>=9.0.0<9.5.38
Typo3 Typo3>=10.0.0<10.4.33
Typo3 Typo3>=11.0.0<11.5.20
TYPO3-CORE-SA-2022-010: Cross-Site Scripting in <f:asset.css> view helper
composer/typo3/cms-core>=10.0.0<10.4.32>=11.0.0<11.5.16
composer/typo3/cms>=10.0.0<10.4.32>=11.0.0<11.5.16
Typo3 Typo3>=10.0.0<=10.4.31
Typo3 Typo3>=11.0.0<=11.5.15
TYPO3-CORE-SA-2022-009: Stored Cross-Site Scripting via FileDumpController
composer/typo3/cms>=10.0.0<10.4.32>=11.0.0<11.5.16
composer/typo3/cms-core>=10.0.0<10.4.32>=11.0.0<11.5.16
Typo3 Typo3>=7.0.0<=7.6.57
Typo3 Typo3>=8.0.0<=8.7.47
Typo3 Typo3>=9.0.0<=9.5.36
Typo3 Typo3>=10.0.0<=10.4.31
and 1 more
TYPO3-CORE-SA-2022-008: Missing check for expiration time of password reset token for backend users
composer/typo3/cms>=10.0.0<10.4.32>=11.0.0<11.5.16
composer/typo3/cms-core>=10.0.0<10.4.32>=11.0.0<11.5.16
Typo3 Typo3>=10.0.0<=10.4.31
Typo3 Typo3>=11.0.0<=11.5.15
TYPO3-CORE-SA-2022-007: User Enumeration via Response Timing
composer/typo3/cms>=10.0.0<10.4.32>=11.0.0<11.5.16
composer/typo3/cms-core>=10.0.0<10.4.32>=11.0.0<11.5.16
Typo3 Typo3>=7.0.0<=7.6.57
Typo3 Typo3>=8.0.0<=8.7.47
Typo3 Typo3>=9.0.0<=9.5.36
Typo3 Typo3>=10.0.0<=10.4.31
and 1 more
TYPO3-CORE-SA-2022-006: Denial of Service in Page Error Handling
composer/typo3/cms>=11.0.0<11.5.16
composer/typo3/cms-core>=11.0.0<11.5.16
Typo3 Typo3>=11.4.0<=11.5.15
TYPO3-CORE-SA-2022-005: Insufficient Session Expiration in Admin Tool
composer/typo3/cms>=10.0.0<10.4.29>=11.0.0<11.5.11
composer/typo3/cms-core>=10.0.0<10.4.29>=11.0.0<11.5.11
Typo3 Typo3>=9.0.0<9.5.35
Typo3 Typo3>=10.0.0<10.4.29
Typo3 Typo3>=11.0.0<11.5.11
TYPO3-CORE-SA-2022-004: Cross-Site Scripting in Frontend Login Mailer
composer/typo3/cms-core>=10.0.0<10.4.29>=11.0.0<11.5.11
composer/typo3/cms>=10.0.0<10.4.29>=11.0.0<11.5.11
Typo3 Typo3>=9.0.0<9.5.35
Typo3 Typo3>=10.0.0<10.4.29
Typo3 Typo3>=11.0.0<11.5.11
TYPO3-CORE-SA-2022-003: Cross-Site Scripting in Form Framework
composer/typo3/cms-core>=10.0.0<10.4.29>=11.0.0<11.5.11
composer/typo3/cms>=10.0.0<10.4.29>=11.0.0<11.5.11
Typo3 Typo3>=8.0.0<8.7.47
Typo3 Typo3>=9.0.0<9.5.35
Typo3 Typo3>=10.0.0<10.4.29
Typo3 Typo3>=11.0.0<11.5.11
Meta: CVSS: `CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C` (4.9). Problem: It has been discovered that system internal credentials or keys (e.g. database credentials) have be...
Typo3 Typo3>=7.0.0<7.6.57
Typo3 Typo3>=8.0.0<8.7.47
Typo3 Typo3>=9.0.0<9.5.35
Typo3 Typo3>=10.0.0<10.4.29
Typo3 Typo3>=11.0.0<11.5.11
composer/typo3/cms>=10.0.0<10.4.29>=11.0.0<11.5.11
and 8 more
TYPO3-CORE-SA-2022-001: Information Disclosure via Export Module
composer/typo3/cms-core>=10.0.0<10.4.29>=11.0.0<11.5.11
composer/typo3/cms>=10.0.0<10.4.29>=11.0.0<11.5.11
Typo3 Typo3>=7.0.0<7.6.57
Typo3 Typo3>=8.0.0<8.7.47
Typo3 Typo3>=9.0.0<9.5.35
Typo3 Typo3>=10.0.0<10.4.29
and 1 more
Meta: CVSS: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:F/RL:O/RC:C` (3.5). Problem: It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the...
composer/typo3/cms>=11.0.0<11.5.0
composer/typo3/cms-core>=11.0.0<11.5.0
Typo3 Typo3>=11.0.0<11.5.0
composer/typo3/cms>=11.0.0<11.5.0
composer/typo3/cms-core>=11.0.0<11.5.0
>=11.0.0<11.5.0
Meta: CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C` (8.2). Problem: It has been discovered that the new TYPO3 v11 feature that allows users to create and share [deep l...
composer/typo3/cms-core>=11.2.0<11.5.0
composer/typo3/cms>=11.2.0<11.5.0
Typo3 Typo3>=11.2.0<11.5.0
composer/typo3/cms>=11.2.0<11.5.0
composer/typo3/cms-core>=11.2.0<11.5.0
>=11.2.0<11.5.0
Meta: CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC` (5.7). Problem: Failing to properly parse, sanitize and encode malicious rich-text content, the content rendering pro...
composer/typo3/cms>=10.0.0<10.4.19>=11.0.0<11.3.2>=9.0.0<9.5.29
composer/typo3/cms-core>=10.0.0<10.4.19>=11.0.0<11.3.2>=9.0.0<9.5.29
Typo3 Typo3>=7.0.0<=7.6.52
Typo3 Typo3>=8.0.0<=8.7.41
Typo3 Typo3>=9.0.0<=9.5.28
Typo3 Typo3>=10.0.0<=10.4.18
and 16 more
Meta: CVSS: `AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C` (4.9). Problem: It has been discovered that user credentials have been logged as plaintext when explicitly using log level d...
composer/typo3/cms-core>=10.0.0<10.4.18>=11.0.0<11.3.1>=9.0.0<9.5.28
composer/typo3/cms>=10.0.0<10.4.18>=11.0.0<11.3.1>=9.0.0<9.5.28
Typo3 Typo3>=7.0.0<=7.6.51
Typo3 Typo3>=8.0.0<=8.7.40
Typo3 Typo3>=9.0.0<=9.5.27
Typo3 Typo3>=10.0.0<=10.4.17
and 14 more
Problem: Failing to properly encode settings for _backend layouts_, the corresponding grid view is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit t...
composer/typo3/cms>=10.0.0<10.4.18>=11.0.0<11.3.1>=9.0.0<9.5.28
composer/typo3/cms-core>=10.0.0<10.4.18>=11.0.0<11.3.1>=9.0.0<9.5.28
Typo3 Typo3>=8.0.0<=8.7.40
Typo3 Typo3>=9.0.0<=9.5.28
Typo3 Typo3>=10.0.0<=10.4.17
Typo3 Typo3>=11.0.0<=11.3.0
and 11 more
Meta: CVSS: `CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (4.5). Problem: Failing to properly encode error messages, the components _QueryGenerator_ and _QueryView_ are vuln...
composer/typo3/cms-core>=10.0.0<10.4.18>=11.0.0<11.3.1>=9.0.0<9.5.28
composer/typo3/cms>=10.0.0<10.4.18>=11.0.0<11.3.1>=9.0.0<9.5.28
Typo3 Typo3>=8.0.0<=8.7.40
Typo3 Typo3>=9.0.0<=9.5.28
Typo3 Typo3>=10.0.0<=10.4.17
Typo3 Typo3>=11.0.0<=11.3.0
and 11 more
Meta: CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC` (5.0). Problem: Failing to properly encode _Page TSconfig_ settings, corresponding page preview module (_Web>View_) i...
composer/typo3/cms>=10.0.0<10.4.18>=11.0.0<11.3.1>=9.0.0<9.5.28
composer/typo3/cms-core>=10.0.0<10.4.18>=11.0.0<11.3.1>=9.0.0<9.5.28
Typo3 Typo3>=9.0.0<=9.5.287
Typo3 Typo3>=10.0.0<=10.4.17
Typo3 Typo3>=11.0.0<=11.3.0
composer/typo3/cms>=9.0.0<9.5.28
and 8 more
Bootstrap Package is a theme for TYPO3. It has been discovered that rendering content in the website frontend is vulnerable to cross-site scripting. A valid backend user account is needed to exploit t...
Typo3 Typo3<7.1.2
Typo3 Typo3>=8.0.0<8.0.8
Typo3 Typo3>=9.0.0<9.0.4
Typo3 Typo3>=9.1.0<9.1.3
Typo3 Typo3>=10.0.0<10.0.10
Typo3 Typo3>=11.0.0<11.0.3
Problem: It has been discovered that database fields used as _descriptionColumn_ are vulnerable to cross-site scripting when their content gets previewed in the page module. A valid backend user ac...
composer/typo3/cms-core>=10.0.0<10.4.14>=11.0.0<11.1.1
composer/typo3/cms>=10.0.0<10.4.14>=11.0.0<11.1.1
Typo3 Typo3>=10.0.0<10.4.14
Typo3 Typo3>=11.0.0<11.1.1
composer/typo3/cms>=11.0.0<11.1.1
composer/typo3/cms>=10.0.0<10.4.14
and 4 more
Problem: It has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is ne...
composer/typo3/cms>=10.0.0<10.4.14>=11.0.0<11.1.1
composer/typo3/cms-core>=10.0.0<10.4.14>=11.0.0<11.1.1
Typo3 Typo3>=10.2.0<10.4.14
Typo3 Typo3>=11.0.0<11.1.1
composer/typo3/cms>=11.0.0<11.1.1
composer/typo3/cms>=10.0.0<10.4.14
and 4 more
Problem: It has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user accoun...
composer/typo3/cms>=10.0.0<10.4.14>=11.0.0<11.1.1>=9.0.0<9.5.25
composer/typo3/cms-core>=10.0.0<10.4.14>=11.0.0<11.1.1>=9.0.0<9.5.25
Typo3 Typo3>=7.0.0<7.6.51
Typo3 Typo3>=8.0.0<8.7.40
Typo3 Typo3>=9.0.0<9.5.25
Typo3 Typo3>=10.0.0<10.4.14
and 12 more
Problem: User session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combin...
composer/typo3/cms-core>=10.0.0<10.4.14>=11.0.0<11.1.1>=9.0.0<9.5.25
composer/typo3/cms>=10.0.0<10.4.14>=11.0.0<11.1.1>=9.0.0<9.5.25
Typo3 Typo3>=6.2.0<6.2.57
Typo3 Typo3>=7.0.0<7.6.51
Typo3 Typo3>=8.0.0<8.7.40
Typo3 Typo3>=9.0.0<9.5.25
and 11 more
Meta: CVSS: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C` (5.5); CWE-405, CWE-674; Status: **DRAFT**. Problem: Requesting invalid or non-existing resources via HTTP t...
composer/typo3/cms>=10.0.0<10.4.14>=11.0.0<11.1.1>=9.0.0<9.5.25
composer/typo3/cms-core>=10.0.0<10.4.14>=11.0.0<11.1.1>=9.0.0<9.5.25
Typo3 Typo3>=9.0.0<9.5.25
Typo3 Typo3>=10.0.0<10.4.14
Typo3 Typo3>=11.0.0<11.1.1
composer/typo3/cms>=9.0.0<9.5.25
and 8 more
Problem: Due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the def...
composer/typo3/cms>=10.0.0<10.4.14>=11.0.0<11.1.1>=9.0.0<9.5.25
composer/typo3/cms-core>=10.0.0<10.4.14>=11.0.0<11.1.1>=9.0.0<9.5.25
Typo3 Typo3>=8.0.0<8.7.40
Typo3 Typo3>=9.0.0<9.5.25
Typo3 Typo3>=10.0.0<10.4.14
Typo3 Typo3>=11.0.0<11.1.1
and 10 more
Problem: Due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default _fileDenyPattern...
composer/typo3/cms>=10.0.0<10.4.14>=11.0.0<11.1.1>=9.0.0<9.5.25
composer/typo3/cms-core>=10.0.0<10.4.14>=11.0.0<11.1.1>=9.0.0<9.5.25
Typo3 Typo3>=8.0.0<8.7.40
Typo3 Typo3>=9.0.0<9.5.25
Typo3 Typo3>=10.0.0<10.4.14
Typo3 Typo3>=11.0.0<11.1.1
and 10 more
Problem: It has been discovered that Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication i...
composer/typo3/cms-core>=10.0.0<10.4.14>=11.0.0<11.1.1>=9.0.0<9.5.25
composer/typo3/cms>=10.0.0<10.4.14>=11.0.0<11.1.1>=9.0.0<9.5.25
Typo3 Typo3>=6.2.0<6.2.57
Typo3 Typo3>=7.0.0<7.6.51
Typo3 Typo3>=8.0.0<8.7.40
Typo3 Typo3>=9.0.0<9.5.25
and 11 more
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 user session identifiers were stored in cleartext - without processing with additional cryp...
composer/typo3/cms-core>=10.0.0<10.4.10>=9.0.0<9.5.23>=8.7.0<8.7.38
composer/typo3/cms>=10.0.0<10.4.10>=9.0.0<9.5.23>=8.7.0<8.7.38
Typo3 Typo3>=9.0.0<9.5.23
Typo3 Typo3>=10.0.0<10.4.10
composer/typo3/cms>=8.7.0<8.7.38
composer/typo3/cms>=9.0.0<9.5.23
and 6 more
Meta: CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.7); CWE-79. Problem: It has been discovered that system extension Fluid (`typo3/cms-fluid`) of the TYPO3 core...
composer/typo3/cms-core>=10.0.0<10.4.10>=9.0.0<9.5.23>=8.7.0<8.7.38
composer/typo3/cms>=10.0.0<10.4.10>=9.0.0<9.5.23>=8.7.0<8.7.38
Typo3 Typo3>=6.2.0<6.2.54
Typo3 Typo3>=7.6.0<7.6.48
Typo3 Typo3>=8.7.0<8.7.38
Typo3 Typo3>=9.0.0<9.5.23
and 7 more
Problem: It has been discovered that RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually reproduce ...
composer/typo3/cms-core>=10.0.0<10.4.10
composer/typo3/cms>=10.0.0<10.4.10
Typo3 Typo3>=10.0.0<10.4.10
composer/typo3/cms>=10.0.0<10.4.10
composer/typo3/cms-core>=10.0.0<10.4.10
>=10.0.0<10.4.10
Meta: CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C` (8.2); CWE-325, CWE-20, CWE-200, CWE-502. Problem: It has been discovered that an internal verification mechanis...
composer/typo3/cms>=10.0.0<10.4.6>=9.0.0<9.5.20
composer/typo3/cms-core>=10.0.0<10.4.6>=9.0.0<9.5.20
Typo3 Typo3>=9.0.0<9.5.20
Typo3 Typo3>=10.0.0<10.4.6
composer/typo3/cms>=9.0.0<9.5.20
composer/typo3/cms>=10.0.0<10.4.6
and 2 more
Meta: CVSS: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C` (7.5); CWE-20, CWE-200. Problem: In case an attacker manages to generate a valid cryptographic message authentic...
composer/typo3/cms-core>=10.0.0<10.4.6>=9.0.0<9.5.20
composer/typo3/cms>=10.0.0<10.4.6>=9.0.0<9.5.20
Typo3 Typo3>=9.0.0<9.5.20
Typo3 Typo3>=10.0.0<10.4.6
composer/typo3/cms>=9.0.0<9.5.20
composer/typo3/cms>=10.0.0<10.4.6
and 2 more
In TYPO3 CMS 10.4.0 through 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeratio...
composer/typo3/cms>=10.0.0<10.4.2
composer/typo3/cms-core>=10.0.0<10.4.2
Typo3 Typo3=10.4.0
Typo3 Typo3=10.4.1
composer/typo3/cms>=10.0.0<10.4.2
composer/typo3/cms-core>=10.0.0<10.4.2
Meta: CVSS v3.1: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C; CWE-352; CWE-346. Problem: It has been discovered that backend user interface and install tool are vulnerable to s...
composer/typo3/cms-core>=10.0.0<10.4.2>=9.0.0<9.5.17
composer/typo3/cms>=10.0.0<10.4.2>=9.0.0<9.5.17
Typo3 Typo3>=9.0.0<=9.5.16
Typo3 Typo3>=10.0.0<=10.4.1
composer/typo3/cms>=9.0.0<9.5.17
composer/typo3/cms>=10.0.0<10.4.2
and 4 more
In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings (in $BE_USER->uc) are vulnerable to insecure deserialization. In combination with vulnera...
composer/typo3/cms>=10.0.0<10.4.2>=9.0.0<9.5.17
composer/typo3/cms-core>=10.0.0<10.4.2>=9.0.0<9.5.17
Typo3 Typo3>=9.0.0<=9.5.16
Typo3 Typo3>=10.0.0<=10.4.1
composer/typo3/cms>=9.0.0<9.5.17
composer/typo3/cms>=10.0.0<10.4.2
and 2 more
Calling unserialize() on malicious user-submitted content can result in the following scenarios: - trigger deletion of arbitrary directory in file system (if writable for web server) - trigger message...
composer/typo3/cms>=10.0.0<10.4.2>=9.0.0<9.5.17
composer/typo3/cms-core>=10.0.0<10.4.2>=9.0.0<9.5.17
Typo3 Typo3>=9.0.0<9.5.17
Typo3 Typo3>=10.0.0<10.4.2
composer/typo3/cms>=9.0.0<9.5.17
composer/typo3/cms>=10.0.0<10.4.2
and 4 more
In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and greater than or equal to 10.2.0 and less than 10.4.2, it has been discovered that link tags generated by typolink functionality a...
composer/typo3/cms-core>=10.0.0<10.4.2>=9.0.0<9.5.17
composer/typo3/cms>=10.0.0<10.4.2>=9.0.0<9.5.17
Typo3 Typo3>=9.5.12<9.5.17
Typo3 Typo3>=10.2.0<10.4.2
composer/typo3/cms>=9.0.0<9.5.17
composer/typo3/cms>=10.0.0<10.4.2
and 4 more
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, it has been discovered that HTML `placeholder` attributes containing data of ...
composer/typo3/cms-core>=10.0.0<10.4.2>=9.0.0<9.5.17
composer/typo3/cms>=10.0.0<10.4.2>=9.0.0<9.5.17
Typo3 Typo3>=9.0.0<9.5.17
Typo3 Typo3>=10.0.0<10.4.2
composer/typo3/cms>=9.0.0<9.5.17
composer/typo3/cms>=10.0.0<10.4.2
and 4 more
TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 included a vulnerable external component, which could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a target...
composer/typo3/cms>=7.0.0<=7.1.0
composer/typo3/cms>=6.2.0<=6.2.38
Typo3 Typo3>=6.2<6.2.39
Typo3 Typo3>=7.0.0<=7.1.0
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserializati...
composer/typo3/cms-core>=10.0.0<10.2.1>=8.0.0<8.7.30>=9.0.0<9.5.12
composer/typo3/cms>=10.0.0<10.2.1>=8.0.0<8.7.30>=9.0.0<9.5.12
Typo3 Typo3<8.7.30
Typo3 Typo3>=9.0.0<9.5.12
Typo3 Typo3>=10.0.0<10.2.2
composer/typo3/cms>=9.0.0<9.5.12
and 5 more