typo3/cms Security Advisories for 6.2.13 (40)
- [MEDIUM] Typo3 Cross-Site Scripting in Flash component (ELTS)
  PKSA-76yg-j1z3-zysm CVE-2020-8091 GHSA-qvhv-pwww-53jj
  Affected version: >=7.0.0,<=7.1.0|>=6.2.0,<=6.2.38
  Reported by: GitHub
- [MEDIUM] Typo3 XSS Vulnerability
  PKSA-5qtp-bmj9-5zqr CVE-2015-8755 GHSA-56f9-5563-m2h7
  Affected version: >=7.0,<7.6.1|>=6.2,<6.2.16
  Reported by: GitHub
- [MEDIUM] TYPO3 Backend component Cross-site scripting (XSS) vulnerability
  PKSA-mw31-s5jc-c3ww CVE-2016-4056 GHSA-ffcm-vhcw-p32r
  Affected version: >=6.2.0,<6.2.19
  Reported by: GitHub
- [MEDIUM] Typo3 XSS Vulnerability
  PKSA-j487-wgb6-g37w CVE-2018-6905 GHSA-3w22-wrwx-2r75
  Affected version: <9.2.0
  Reported by: GitHub
- Remote Code Execution in third party library swiftmailer
  Affected version: >=6.2.0,<6.2.30|>=7.6.0,<7.6.15|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.1
  Reported by: FriendsOfPHP/security-advisories
- Insecure Unserialize in TYPO3 Backend
  Affected version: >=6.2.0,<6.2.29|>=7.6.0,<7.6.13|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.1
  Reported by: FriendsOfPHP/security-advisories
- Path Traversal in TYPO3 Core
  Affected version: >=6.2.0,<6.2.29|>=7.6.0,<7.6.13|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.1
  Reported by: FriendsOfPHP/security-advisories
- Cache Flooding in TYPO3 Frontend
  Affected version: >=6.2.0,<6.2.27|>=7.6.0,<7.6.11|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.1
  Reported by: FriendsOfPHP/security-advisories
- Cross-Site Scripting in TYPO3 Backend
  Affected version: >=6.2.0,<6.2.27|>=7.6.0,<7.6.11|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.1
  Reported by: FriendsOfPHP/security-advisories
- Cross-Site Scripting vulnerability in typolinks
  Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.1
  Reported by: FriendsOfPHP/security-advisories
- Information Disclosure in TYPO3 Backend
  Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.1
  Reported by: FriendsOfPHP/security-advisories
- Cross-Site Scripting in TYPO3 Backend
  Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.1
  Reported by: FriendsOfPHP/security-advisories
- Insecure Unserialize in TYPO3 Import/Export
  Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.1
  Reported by: FriendsOfPHP/security-advisories
- SQL Injection in TYPO3 Frontend Login
  Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10
  Reported by: FriendsOfPHP/security-advisories
- Missing Access Check in TYPO3 CMS
  Affected version: >=6.2.0,<6.2.25|>=7.6.0,<7.6.8|>=8.0.0,<8.1.1|>=8.1.0,<8.1.1
  Reported by: FriendsOfPHP/security-advisories
- Reported by: FriendsOfPHP/security-advisories
- Privilege Escalation in TYPO3 CMS
  Affected version: >=6.2.0,<6.2.20|>=7.6.0,<7.6.5|>=8.0.0,<8.0.1
  Reported by: FriendsOfPHP/security-advisories
- Authentication Bypass in TYPO3 CMS
  Affected version: >=6.2.0,<6.2.20|>=7.6.0,<7.6.5|>=8.0.0,<8.0.1
  Reported by: FriendsOfPHP/security-advisories
- Cross-Site Scripting in TYPO3 Backend
  Affected version: >=6.2.0,<6.2.20|>=7.6.0,<7.6.5|>=8.0.0,<8.0.1
  Reported by: FriendsOfPHP/security-advisories
- XML External Entity (XXE) Processing in TYPO3 Core
  Affected version: >=6.2.0,<6.2.19|>=7.6.0,<7.6.4
  Reported by: FriendsOfPHP/security-advisories
- Denial of Service attack possibility in TYPO3 component Indexed Search
  Affected version: >=6.2.0,<6.2.19|>=7.6.0,<7.6.4
  Reported by: FriendsOfPHP/security-advisories
- Cross-Site Scripting in TYPO3 component CSS styled content
  Affected version: >=6.2.0,<6.2.19|>=7.6.0,<7.6.4
  Reported by: FriendsOfPHP/security-advisories
- Cross-Site Scripting in TYPO3 component Backend
  Affected version: >=6.2.0,<6.2.19
  Reported by: FriendsOfPHP/security-advisories
- Reported by: FriendsOfPHP/security-advisories
- Reported by: FriendsOfPHP/security-advisories
- Cross-Site Scripting in link validator component
  Affected version: >=6.2.0,<6.2.18|>=7.6.0,<7.6.3
  Reported by: FriendsOfPHP/security-advisories
- Reported by: FriendsOfPHP/security-advisories
- Cross-Site Scripting vulnerability in typolinks
  Affected version: >=6.2.0,<6.2.16|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.5.0|>=7.5.0,<7.6.0|>=7.6.0,<7.6.1
  Reported by: FriendsOfPHP/security-advisories
- Cross-Site Scripting in TYPO3 component Indexed Search
  Affected version: >=6.2.0,<6.2.16
  Reported by: FriendsOfPHP/security-advisories
- Multiple Cross-Site Scripting vulnerabilities in TYPO3 backend
  Affected version: >=6.2.0,<6.2.16|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.5.0|>=7.5.0,<7.6.0|>=7.6.0,<7.6.1
  Reported by: FriendsOfPHP/security-advisories
- Multiple Cross-Site Scripting vulnerabilities in frontend
  Affected version: >=6.2.0,<6.2.16|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.5.0|>=7.5.0,<7.6.0|>=7.6.0,<7.6.1
  Reported by: FriendsOfPHP/security-advisories
- Reported by: FriendsOfPHP/security-advisories
- [LOW] Backend: Non-Persistent Cross-Site Scripting
  PKSA-gh78-xr39-8wwk CVE-2015-5956 GHSA-989h-wv8x-933p
  Affected version: >=6.2.0,<6.2.15|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0
  Reported by: GitHub, FriendsOfPHP/security-advisories
- Frontend: Unauthenticated Path Disclosure
  Affected version: >=6.2.0,<6.2.15|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0
  Reported by: FriendsOfPHP/security-advisories
- [MEDIUM] Cross-Site Scripting in 3rd party library Flowplayer
  PKSA-42qs-kcsv-zvxq CVE-2013-7341 GHSA-j6c3-3c4w-qv8p
  Affected version: >=6.2.0,<6.2.14|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.1
  Reported by: GitHub, FriendsOfPHP/security-advisories
- Information Disclosure possibility exploitable by Editors
  Affected version: >=6.2.0,<6.2.14|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.1
  Reported by: FriendsOfPHP/security-advisories
- Cross-Site Scripting exploitable by Editors
  Affected version: >=6.2.0,<6.2.14|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.1
  Reported by: FriendsOfPHP/security-advisories
- Access bypass when editing file metadata
  Affected version: >=6.2.0,<6.2.14|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.1
  Reported by: FriendsOfPHP/security-advisories
- Brute Force Protection Bypass in backend login
  Affected version: >=6.2.0,<6.2.14|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.1
  Reported by: FriendsOfPHP/security-advisories
- Frontend login Session Fixation
  Affected version: >=6.2.0,<6.2.14|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.1
  Reported by: FriendsOfPHP/security-advisories