[MEDIUM] Typo3 Cross-Site Scripting in Flash component (ELTS)

PKSA-76yg-j1z3-zysm CVE-2020-8091 GHSA-qvhv-pwww-53jj

Affected version: >=7.0.0,<=7.1.0|>=6.2.0,<=6.2.38

Reported by:
GitHub

[MEDIUM] Typo3 XSS Vulnerability

PKSA-5qtp-bmj9-5zqr CVE-2015-8755 GHSA-56f9-5563-m2h7

Affected version: >=7.0,<7.6.1|>=6.2,<6.2.16

Reported by:
GitHub

[MEDIUM] TYPO3 Backend component Cross-site scripting (XSS) vulnerability

PKSA-mw31-s5jc-c3ww CVE-2016-4056 GHSA-ffcm-vhcw-p32r

Affected version: >=6.2.0,<6.2.19

Reported by:
GitHub

[MEDIUM] Typo3 XSS Vulnerability

PKSA-j487-wgb6-g37w CVE-2018-6905 GHSA-3w22-wrwx-2r75

Affected version: <9.2.0

Reported by:
GitHub

Remote Code Execution in third party library swiftmailer

PKSA-y99p-vnsv-h8zb

Affected version: >=6.2.0,<6.2.30|>=7.6.0,<7.6.15|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.1

Reported by:
FriendsOfPHP/security-advisories

Insecure Unserialize in TYPO3 Backend

PKSA-p9pn-ckkr-j9gj

Affected version: >=6.2.0,<6.2.29|>=7.6.0,<7.6.13|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.1

Reported by:
FriendsOfPHP/security-advisories

Path Traversal in TYPO3 Core

PKSA-ycv6-vk58-crph

Affected version: >=6.2.0,<6.2.29|>=7.6.0,<7.6.13|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.1

Reported by:
FriendsOfPHP/security-advisories

Cache Flooding in TYPO3 Frontend

PKSA-5nxh-6dvz-pwx2

Affected version: >=6.2.0,<6.2.27|>=7.6.0,<7.6.11|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.1

Reported by:
FriendsOfPHP/security-advisories

Cross-Site Scripting in TYPO3 Backend

PKSA-p1xw-bm9t-9mgz

Affected version: >=6.2.0,<6.2.27|>=7.6.0,<7.6.11|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.1

Reported by:
FriendsOfPHP/security-advisories

Cross-Site Scripting vulnerability in typolinks

PKSA-qkq5-q75r-wn3g

Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.1

Reported by:
FriendsOfPHP/security-advisories

Information Disclosure in TYPO3 Backend

PKSA-q6zv-zcsh-21h8

Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.1

Reported by:
FriendsOfPHP/security-advisories

Cross-Site Scripting in TYPO3 Backend

PKSA-h9f8-fcdd-y5cz

Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.1

Reported by:
FriendsOfPHP/security-advisories

Insecure Unserialize in TYPO3 Import/Export

PKSA-8qyh-77q4-9nh2

Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.1

Reported by:
FriendsOfPHP/security-advisories

SQL Injection in TYPO3 Frontend Login

PKSA-b4tx-8wsn-x1b1

Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10

Reported by:
FriendsOfPHP/security-advisories

Missing Access Check in TYPO3 CMS

PKSA-6w93-8p38-vgt5

Affected version: >=6.2.0,<6.2.25|>=7.6.0,<7.6.8|>=8.0.0,<8.1.1|>=8.1.0,<8.1.1

Reported by:
FriendsOfPHP/security-advisories

Arbitrary File Disclosure in Form Component

PKSA-5x8h-hf12-tbch

Affected version: >=6.2.0,<6.2.20

Reported by:
FriendsOfPHP/security-advisories

Privilege Escalation in TYPO3 CMS

PKSA-3s1d-fjtc-fcqw

Affected version: >=6.2.0,<6.2.20|>=7.6.0,<7.6.5|>=8.0.0,<8.0.1

Reported by:
FriendsOfPHP/security-advisories

Authentication Bypass in TYPO3 CMS

PKSA-prb5-15dp-gbwb

Affected version: >=6.2.0,<6.2.20|>=7.6.0,<7.6.5|>=8.0.0,<8.0.1

Reported by:
FriendsOfPHP/security-advisories

Cross-Site Scripting in TYPO3 Backend

PKSA-yr4d-8qdk-2g3v

Affected version: >=6.2.0,<6.2.20|>=7.6.0,<7.6.5|>=8.0.0,<8.0.1

Reported by:
FriendsOfPHP/security-advisories

XML External Entity (XXE) Processing in TYPO3 Core

PKSA-smvw-xwn8-cj9h

Affected version: >=6.2.0,<6.2.19|>=7.6.0,<7.6.4

Reported by:
FriendsOfPHP/security-advisories

Denial of Service attack possibility in TYPO3 component Indexed Search

PKSA-g4rd-ftcg-mjm7

Affected version: >=6.2.0,<6.2.19|>=7.6.0,<7.6.4

Reported by:
FriendsOfPHP/security-advisories

Cross-Site Scripting in TYPO3 component CSS styled content

PKSA-ry96-ymk5-v9rd

Affected version: >=6.2.0,<6.2.19|>=7.6.0,<7.6.4

Reported by:
FriendsOfPHP/security-advisories

Cross-Site Scripting in TYPO3 component Backend

PKSA-spfc-tbhw-kh61

Affected version: >=6.2.0,<6.2.19

Reported by:
FriendsOfPHP/security-advisories

SQL Injection in dbal

PKSA-yv19-9tq2-fz1m

Affected version: >=6.2.0,<6.2.18

Reported by:
FriendsOfPHP/security-advisories

Cross-Site Scripting in legacy form component

PKSA-8b88-yvbs-1t53

Affected version: >=6.2.0,<6.2.18

Reported by:
FriendsOfPHP/security-advisories

Cross-Site Scripting in link validator component

PKSA-xpn2-bkrt-rhyf

Affected version: >=6.2.0,<6.2.18|>=7.6.0,<7.6.3

Reported by:
FriendsOfPHP/security-advisories

Cross-Site Scripting in form component

PKSA-dt28-xcfy-z6q8

Affected version: >=6.2.0,<6.2.18

Reported by:
FriendsOfPHP/security-advisories

Cross-Site Scripting vulnerability in typolinks

PKSA-m77p-d7vq-9f8t

Affected version: >=6.2.0,<6.2.16|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.5.0|>=7.5.0,<7.6.0|>=7.6.0,<7.6.1

Reported by:
FriendsOfPHP/security-advisories

Cross-Site Scripting in TYPO3 component Indexed Search

PKSA-p8d2-7vg9-dtcf

Affected version: >=6.2.0,<6.2.16

Reported by:
FriendsOfPHP/security-advisories

Multiple Cross-Site Scripting vulnerabilities in TYPO3 backend

PKSA-ndcf-67nc-gxt9

Affected version: >=6.2.0,<6.2.16|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.5.0|>=7.5.0,<7.6.0|>=7.6.0,<7.6.1

Reported by:
FriendsOfPHP/security-advisories

Multiple Cross-Site Scripting vulnerabilities in frontend

PKSA-p5kg-j47t-6hk4

Affected version: >=6.2.0,<6.2.16|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.5.0|>=7.5.0,<7.6.0|>=7.6.0,<7.6.1

Reported by:
FriendsOfPHP/security-advisories

TYPO3 is susceptible to Cross-Site Flashing

PKSA-yxxk-7kcz-vv2r

Affected version: >=6.2.0,<6.2.16

Reported by:
FriendsOfPHP/security-advisories

[LOW] Backend: Non-Persistent Cross-Site Scripting

PKSA-gh78-xr39-8wwk CVE-2015-5956 GHSA-989h-wv8x-933p

Affected version: >=6.2.0,<6.2.15|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0

Reported by:
GitHub, FriendsOfPHP/security-advisories

Frontend: Unauthenticated Path Disclosure

PKSA-z28m-xm9h-qp6g

Affected version: >=6.2.0,<6.2.15|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0

Reported by:
FriendsOfPHP/security-advisories

[MEDIUM] Cross-Site Scripting in 3rd party library Flowplayer

PKSA-42qs-kcsv-zvxq CVE-2013-7341 GHSA-j6c3-3c4w-qv8p

Affected version: >=6.2.0,<6.2.14|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.1

Reported by:
GitHub, FriendsOfPHP/security-advisories

Information Disclosure possibility exploitable by Editors

PKSA-9p1y-wbjp-2yn7

Affected version: >=6.2.0,<6.2.14|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.1

Reported by:
FriendsOfPHP/security-advisories

Cross-Site Scripting exploitable by Editors

PKSA-83dv-xmw9-2793

Affected version: >=6.2.0,<6.2.14|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.1

Reported by:
FriendsOfPHP/security-advisories

Access bypass when editing file metadata

PKSA-v937-s8pv-pxfv

Affected version: >=6.2.0,<6.2.14|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.1

Reported by:
FriendsOfPHP/security-advisories

Brute Force Protection Bypass in backend login

PKSA-bmjh-mrv6-6mhj

Affected version: >=6.2.0,<6.2.14|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.1

Reported by:
FriendsOfPHP/security-advisories

Frontend login Session Fixation

PKSA-hpcb-f6d4-dg4y

Affected version: >=6.2.0,<6.2.14|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.1

Reported by:
FriendsOfPHP/security-advisories