typo3/cms Security Advisories for 6.2.6 (43)
[MEDIUM] Typo3 Cross-Site Scripting in Flash component (ELTS)
PKSA-76yg-j1z3-zysm CVE-2020-8091 GHSA-qvhv-pwww-53jj
Affected version: >=7.0.0,<=7.1.0|>=6.2.0,<=6.2.38
Reported by:
GitHub -
[HIGH] Typo3 Vulnerable to Cache Poisoning
PKSA-76w6-8mt2-dy89 CVE-2014-9509 GHSA-5479-gqqr-f9gj
Affected version: >=6.1.0,<=6.1.12|>=6.0.0,<=6.0.14|>=4.7.0,<=4.7.20|>=4.6.0,<=4.6.18|>=7.0.0,<7.0.2|>=6.2.0,<6.2.9|>=4.5.0,<4.5.39
Reported by:
GitHub -
[MEDIUM] Typo3 XSS Vulnerability
PKSA-5qtp-bmj9-5zqr CVE-2015-8755 GHSA-56f9-5563-m2h7
Affected version: >=7.0,<7.6.1|>=6.2,<6.2.16
Reported by:
GitHub -
[MEDIUM] TYPO3 Backend component Cross-site scripting (XSS) vulnerability
PKSA-mw31-s5jc-c3ww CVE-2016-4056 GHSA-ffcm-vhcw-p32r
Affected version: >=6.2.0,<6.2.19
Reported by:
GitHub -
[MEDIUM] Typo3 XSS Vulnerability
PKSA-j487-wgb6-g37w CVE-2018-6905 GHSA-3w22-wrwx-2r75
Affected version: <9.2.0
Reported by:
GitHub -
Remote Code Execution in third party library swiftmailer
Affected version: >=6.2.0,<6.2.30|>=7.6.0,<7.6.15|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.1
Reported by:
FriendsOfPHP/security-advisories -
Insecure Unserialize in TYPO3 Backend
Affected version: >=6.2.0,<6.2.29|>=7.6.0,<7.6.13|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.1
Reported by:
FriendsOfPHP/security-advisories -
Path Traversal in TYPO3 Core
Affected version: >=6.2.0,<6.2.29|>=7.6.0,<7.6.13|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.1
Reported by:
FriendsOfPHP/security-advisories -
Cache Flooding in TYPO3 Frontend
Affected version: >=6.2.0,<6.2.27|>=7.6.0,<7.6.11|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.1
Reported by:
FriendsOfPHP/security-advisories -
Cross-Site Scripting in TYPO3 Backend
Affected version: >=6.2.0,<6.2.27|>=7.6.0,<7.6.11|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.1
Reported by:
FriendsOfPHP/security-advisories -
Cross-Site Scripting vulnerability in typolinks
Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.1
Reported by:
FriendsOfPHP/security-advisories -
Information Disclosure in TYPO3 Backend
Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.1
Reported by:
FriendsOfPHP/security-advisories -
Cross-Site Scripting in TYPO3 Backend
Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.1
Reported by:
FriendsOfPHP/security-advisories -
Insecure Unserialize in TYPO3 Import/Export
Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.1
Reported by:
FriendsOfPHP/security-advisories -
SQL Injection in TYPO3 Frontend Login
Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10
Reported by:
FriendsOfPHP/security-advisories -
Missing Access Check in TYPO3 CMS
Affected version: >=6.2.0,<6.2.25|>=7.6.0,<7.6.8|>=8.0.0,<8.1.1|>=8.1.0,<8.1.1
Reported by:
FriendsOfPHP/security-advisories -
Reported by:
FriendsOfPHP/security-advisories -
Privilege Escalation in TYPO3 CMS
Affected version: >=6.2.0,<6.2.20|>=7.6.0,<7.6.5|>=8.0.0,<8.0.1
Reported by:
FriendsOfPHP/security-advisories -
Authentication Bypass in TYPO3 CMS
Affected version: >=6.2.0,<6.2.20|>=7.6.0,<7.6.5|>=8.0.0,<8.0.1
Reported by:
FriendsOfPHP/security-advisories -
Cross-Site Scripting in TYPO3 Backend
Affected version: >=6.2.0,<6.2.20|>=7.6.0,<7.6.5|>=8.0.0,<8.0.1
Reported by:
FriendsOfPHP/security-advisories -
XML External Entity (XXE) Processing in TYPO3 Core
Affected version: >=6.2.0,<6.2.19|>=7.6.0,<7.6.4
Reported by:
FriendsOfPHP/security-advisories -
Denial of Service attack possibility in TYPO3 component Indexed Search
Affected version: >=6.2.0,<6.2.19|>=7.6.0,<7.6.4
Reported by:
FriendsOfPHP/security-advisories -
Cross-Site Scripting in TYPO3 component CSS styled content
Affected version: >=6.2.0,<6.2.19|>=7.6.0,<7.6.4
Reported by:
FriendsOfPHP/security-advisories -
Cross-Site Scripting in TYPO3 component Backend
Affected version: >=6.2.0,<6.2.19
Reported by:
FriendsOfPHP/security-advisories -
Reported by:
FriendsOfPHP/security-advisories -
Reported by:
FriendsOfPHP/security-advisories -
Cross-Site Scripting in link validator component
Affected version: >=6.2.0,<6.2.18|>=7.6.0,<7.6.3
Reported by:
FriendsOfPHP/security-advisories -
Reported by:
FriendsOfPHP/security-advisories -
Cross-Site Scripting vulnerability in typolinks
Affected version: >=6.2.0,<6.2.16|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.5.0|>=7.5.0,<7.6.0|>=7.6.0,<7.6.1
Reported by:
FriendsOfPHP/security-advisories -
Cross-Site Scripting in TYPO3 component Indexed Search
Affected version: >=6.2.0,<6.2.16
Reported by:
FriendsOfPHP/security-advisories -
Multiple Cross-Site Scripting vulnerabilities in TYPO3 backend
Affected version: >=6.2.0,<6.2.16|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.5.0|>=7.5.0,<7.6.0|>=7.6.0,<7.6.1
Reported by:
FriendsOfPHP/security-advisories -
Multiple Cross-Site Scripting vulnerabilities in frontend
Affected version: >=6.2.0,<6.2.16|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.5.0|>=7.5.0,<7.6.0|>=7.6.0,<7.6.1
Reported by:
FriendsOfPHP/security-advisories -
Reported by:
FriendsOfPHP/security-advisories -
[LOW] Backend: Non-Persistent Cross-Site Scripting
PKSA-gh78-xr39-8wwk CVE-2015-5956 GHSA-989h-wv8x-933p
Affected version: >=6.2.0,<6.2.15|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0
Reported by:
GitHub, FriendsOfPHP/security-advisories -
Frontend: Unauthenticated Path Disclosure
Affected version: >=6.2.0,<6.2.15|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0
Reported by:
FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting in 3rd party library Flowplayer
PKSA-42qs-kcsv-zvxq CVE-2013-7341 GHSA-j6c3-3c4w-qv8p
Affected version: >=6.2.0,<6.2.14|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
Information Disclosure possibility exploitable by Editors
Affected version: >=6.2.0,<6.2.14|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.1
Reported by:
FriendsOfPHP/security-advisories -
Cross-Site Scripting exploitable by Editors
Affected version: >=6.2.0,<6.2.14|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.1
Reported by:
FriendsOfPHP/security-advisories -
Access bypass when editing file metadata
Affected version: >=6.2.0,<6.2.14|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.1
Reported by:
FriendsOfPHP/security-advisories -
Brute Force Protection Bypass in backend login
Affected version: >=6.2.0,<6.2.14|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.1
Reported by:
FriendsOfPHP/security-advisories -
Frontend login Session Fixation
Affected version: >=6.2.0,<6.2.14|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.1
Reported by:
FriendsOfPHP/security-advisories -
[MEDIUM] Possible link spoofing on the homepage when anchors are used
PKSA-dt94-3y8h-bht1 CVE-2014-9508 GHSA-v6xv-rmqc-wcc8
Affected version: >=6.2.0,<6.2.9|>=7.0.0,<7.0.2
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Possible cache poisoning on the homepage when anchors are used
PKSA-9v5z-9wvw-43v7 GHSA-gj48-w74w-8gvm
Affected version: >=6.2.0,<6.2.9|>=7.0.0,<7.0.2
Reported by:
GitHub, FriendsOfPHP/security-advisories