typo3/cms Security Advisories for 8.0.1 (51)
- [HIGH] TYPO3 Arbitrary Code Execution
PKSA-pt33-g1gs-b8wt CVE-2017-14251 GHSA-fh4q-hxrw-cjqq
Affected version: >=8.0.0,<8.7.5|>=7.6.0,<7.6.22
Reported by: GitHub
- [MEDIUM] Typo3 XSS Vulnerability
PKSA-j487-wgb6-g37w CVE-2018-6905 GHSA-3w22-wrwx-2r75
Affected version: <9.2.0
Reported by: GitHub
- [HIGH] Insecure Deserialization in Query Generator & Query View
PKSA-fyxc-qkr6-f3ry CVE-2019-19849 GHSA-rcgc-4xfc-564v
Affected version: >=10.0.0,<10.2.1|>=8.0.0,<8.7.30|>=9.0.0,<9.5.12
Reported by: GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] SQL Injection in low-level Query Generator
PKSA-8qsb-zpqf-kwq2 CVE-2019-19850 GHSA-59pj-7mjh-4465
Affected version: >=10.0.0,<10.2.1|>=8.0.0,<8.7.30|>=9.0.0,<9.5.12
Reported by: GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] Directory Traversal on ZIP extraction
PKSA-187n-yk48-q1fv CVE-2019-19848 GHSA-77p4-wfr8-977w
Affected version: >=10.0.0,<10.2.1|>=8.0.0,<8.7.30|>=9.0.0,<9.5.12
Reported by: GitHub, FriendsOfPHP/security-advisories
- Cross-Site Scripting in Form Framework validation handling
Affected version: >=10.0.0,<10.2.1|>=8.0.0,<8.7.30|>=9.0.0,<9.5.12
Reported by: FriendsOfPHP/security-advisories
- Cross-Site Scripting in Link Handling
Affected version: >=10.0.0,<10.2.1|>=8.0.0,<8.7.30|>=9.0.0,<9.5.12
Reported by: FriendsOfPHP/security-advisories
- Possible Insecure Deserialization in Extbase Request Handling
Affected version: >=8.0.0,<8.7.30|>=9.0.0,<9.5.12
Reported by: FriendsOfPHP/security-advisories
- Cross-Site Scripting in Filelist Module
Affected version: >=10.0.0,<10.2.1|>=8.0.0,<8.7.30|>=9.0.0,<9.5.12
Reported by: FriendsOfPHP/security-advisories
- [HIGH] Insecure Deserialization in TYPO3 CMS
PKSA-bz6f-yjw4-93sv CVE-2019-12747 GHSA-86hp-xrhj-fhpq
Affected version: >=8.0.0,<8.7.27|>=9.0.0,<9.5.8
Reported by: GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] Cross-Site Scripting in Link Handling
PKSA-shfj-qhnv-r9fs CVE-2019-12748 GHSA-r6fv-56gp-j3r4
Affected version: >=8.0.0,<8.7.27|>=9.0.0,<9.5.8
Reported by: GitHub, FriendsOfPHP/security-advisories
- Security Misconfiguration in Frontend Session Handling
Affected version: >=8.0.0,<8.7.27|>=9.0.0,<9.5.8
Reported by: FriendsOfPHP/security-advisories
- Arbitrary Code Execution and Cross-Site Scripting in Backend API
Affected version: >=8.0.0,<8.7.27|>=9.0.0,<9.5.8
Reported by: FriendsOfPHP/security-advisories
- Information Disclosure in Backend User Interface
Affected version: >=8.0.0,<8.7.27|>=9.0.0,<9.5.8
Reported by: FriendsOfPHP/security-advisories
- [HIGH] Possible Arbitrary Code Execution in Image Processing
PKSA-k6fx-zsn9-8q9f CVE-2019-11832 GHSA-3w4h-r27h-4r2w
Affected version: >=8.0.0,<8.7.25|>=9.0.0,<9.5.6
Reported by: GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] Cross-Site Scripting in Fluid Engine
PKSA-dmbp-4kzv-9s4r CVE-2020-15241 GHSA-7733-hjv6-4h47
Affected version: >=8.0.0,<8.7.25|>=9.0.0,<9.5.6
Reported by: GitHub, FriendsOfPHP/security-advisories
- Security Misconfiguration in User Session Handling
Affected version: >=8.0.0,<8.7.25|>=9.0.0,<9.5.6
Reported by: FriendsOfPHP/security-advisories
- [MEDIUM] Cross-Site Scripting in Bootstrap CSS toolkit
PKSA-ww37-6vs7-z8br CVE-2018-14041 GHSA-pj7m-g53m-7638
Affected version: >=8.0.0,<8.7.23|>=9.0.0,<9.5.4
Reported by: GitHub, FriendsOfPHP/security-advisories
- Arbitrary Code Execution via File List Module
Affected version: >=8.0.0,<8.7.23|>=9.0.0,<9.5.4
Reported by: FriendsOfPHP/security-advisories
- Security Misconfiguration for Backend User Accounts
Affected version: >=8.0.0,<8.7.23|>=9.0.0,<9.5.4
Reported by: FriendsOfPHP/security-advisories
- Broken Access Control in Localization Handling
Affected version: >=8.0.0,<8.7.23
Reported by: FriendsOfPHP/security-advisories
- Information Disclosure of Installed Extensions
Affected version: >=8.0.0,<8.7.23|>=9.0.0,<9.5.4
Reported by: FriendsOfPHP/security-advisories
- Cross-Site Scripting in Form Framework
Affected version: >=8.0.0,<8.7.23|>=9.0.0,<9.5.4
Reported by: FriendsOfPHP/security-advisories
- Cross-Site Scripting in Fluid ViewHelpers
Affected version: >=8.0.0,<8.7.23|>=9.0.0,<9.5.4
Reported by: FriendsOfPHP/security-advisories
- [MEDIUM] Cross-Site Scripting in CKEditor
PKSA-qmq7-q129-2wts CVE-2018-17960 GHSA-g68x-vvqq-pvw3
Affected version: >=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by: GitHub, FriendsOfPHP/security-advisories
- Information Disclosure in Install Tool
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by: FriendsOfPHP/security-advisories
- Denial of Service in Online Media Asset Handling
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by: FriendsOfPHP/security-advisories
- Cross-Site Scripting in Online Media Asset Rendering
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by: FriendsOfPHP/security-advisories
- Cross-Site Scripting in Backend Modal Component
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by: FriendsOfPHP/security-advisories
- Denial of Service in Frontend Record Registration
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21
Reported by: FriendsOfPHP/security-advisories
- Security Misconfiguration in Install Tool Cookie
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by: FriendsOfPHP/security-advisories
- Cross-Site Scripting in Frontend User Login
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by: FriendsOfPHP/security-advisories
- Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS
Affected version: >=7.0.0,<7.6.30|>=8.0.0,<8.7.17|>=9.0.0,<9.3.2
Reported by: FriendsOfPHP/security-advisories
- Authentication Bypass in TYPO3 CMS
Affected version: >=7.0.0,<7.6.30|>=8.0.0,<8.7.17|>=9.0.0,<9.3.2
Reported by: FriendsOfPHP/security-advisories
- Information Disclosure in TYPO3 CMS
Affected version: >=7.6.0,<7.6.22|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.5
Reported by: FriendsOfPHP/security-advisories
- Information Disclosure in TYPO3 CMS
Affected version: >=7.6.0,<7.6.22|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.5
Reported by: FriendsOfPHP/security-advisories
- Arbitrary Code Execution in TYPO3 CMS
Affected version: >=7.6.0,<7.6.22|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.5
Reported by: FriendsOfPHP/security-advisories
- Cross-Site Scripting in TYPO3 CMS Backend
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.5
Reported by: FriendsOfPHP/security-advisories
- Cross-Site Scripting in TYPO3 CMS
Affected version: >=7.6.0,<7.6.16|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.6.1
Reported by: FriendsOfPHP/security-advisories
- Remote Code Execution in third party library swiftmailer
Affected version: >=6.2.0,<6.2.30|>=7.6.0,<7.6.15|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.1
Reported by: FriendsOfPHP/security-advisories
- Insecure Unserialize in TYPO3 Backend
Affected version: >=6.2.0,<6.2.29|>=7.6.0,<7.6.13|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.1
Reported by: FriendsOfPHP/security-advisories
- Path Traversal in TYPO3 Core
Affected version: >=6.2.0,<6.2.29|>=7.6.0,<7.6.13|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.1
Reported by: FriendsOfPHP/security-advisories
- Cache Flooding in TYPO3 Frontend
Affected version: >=6.2.0,<6.2.27|>=7.6.0,<7.6.11|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.1
Reported by: FriendsOfPHP/security-advisories
- Cross-Site Scripting in TYPO3 Backend
Affected version: >=6.2.0,<6.2.27|>=7.6.0,<7.6.11|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.1
Reported by: FriendsOfPHP/security-advisories
- [HIGH] Environment Variable Injection
PKSA-xycg-n8fx-k2xm CVE-2016-5385 GHSA-m6ch-gg5f-wxx3
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.1
Reported by: GitHub, FriendsOfPHP/security-advisories
- Cross-Site Scripting vulnerability in typolinks
Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.1
Reported by: FriendsOfPHP/security-advisories
- Information Disclosure in TYPO3 Backend
Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.1
Reported by: FriendsOfPHP/security-advisories
- Cross-Site Scripting in TYPO3 Backend
Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.1
Reported by: FriendsOfPHP/security-advisories
- Cross-Site Scripting in third party library mso/idna-convert
Affected version: >=7.6.0,<7.6.10|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.1
Reported by: FriendsOfPHP/security-advisories
- Insecure Unserialize in TYPO3 Import/Export
Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.1
Reported by: FriendsOfPHP/security-advisories
- Missing Access Check in TYPO3 CMS
Affected version: >=6.2.0,<6.2.25|>=7.6.0,<7.6.8|>=8.0.0,<8.1.1|>=8.1.0,<8.1.1
Reported by: FriendsOfPHP/security-advisories