typo3/cms-core Security Advisories for v8.7.18 (39)
- [HIGH] TYPO3 Install Tool vulnerable to Code Execution
PKSA-prgj-sgzn-q6cs CVE-2024-22188 GHSA-5w2h-59j3-8x5w
Affected version: =13.0.0|>=12.0.0,<=12.4.10|>=11.0.0,<=11.5.34|>=10.0.0,<=10.4.42|>=9.0.0,<=9.5.45|>=8.0.0,<=8.7.56
Reported by: GitHub
- [MEDIUM] Path Traversal in TYPO3 File Abstraction Layer Storages
PKSA-zz7z-6zsy-d2hc CVE-2023-30451 GHSA-3gjc-mp82-fj4q
Affected version: =13.0.0|>=12.0.0,<=12.4.10|>=11.0.0,<=11.5.34|>=10.0.0,<=10.4.42|>=9.0.0,<=9.5.45|>=8.0.0,<=8.7.56
Reported by: GitHub
- [HIGH] TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler
PKSA-99mg-htb6-c272 CVE-2024-25121 GHSA-rj3x-wvc6-5j66
Affected version: =13.0.0|>=12.0.0,<=12.4.10|>=11.0.0,<=11.5.34|>=10.0.0,<=10.4.42|>=9.0.0,<=9.5.45|>=8.0.0,<=8.7.56
Reported by: GitHub
- [MEDIUM] TYPO3 vulnerable to Improper Access Control of Resources Referenced by t3:// URI Scheme
PKSA-h5xk-8nxx-znp4 CVE-2024-25120 GHSA-wf85-8hx9-gj7c
Affected version: =13.0.0|>=12.0.0,<=12.4.10|>=11.0.0,<=11.5.34|>=10.0.0,<=10.4.42|>=9.0.0,<=9.5.45|>=8.0.0,<=8.7.56
Reported by: GitHub
- [MEDIUM] TYPO3 Install Tool vulnerable to Information Disclosure of Encryption Key
PKSA-d551-hdqh-5mmf CVE-2024-25119 GHSA-h47m-3f78-qp9g
Affected version: =13.0.0|>=12.0.0,<=12.4.10|>=11.0.0,<=11.5.34|>=10.0.0,<=10.4.42|>=9.0.0,<=9.5.45|>=8.0.0,<=8.7.56
Reported by: GitHub
- [MEDIUM] TYPO3 Backend Forms vulnerable to Information Disclosure of Hashed Passwords
PKSA-jbhx-knzt-5y6m CVE-2024-25118 GHSA-38r2-5695-334w
Affected version: =13.0.0|>=12.0.0,<=12.4.10|>=11.0.0,<=11.5.34|>=10.0.0,<=10.4.42|>=9.0.0,<=9.5.45|>=8.0.0,<=8.7.56
Reported by: GitHub
- [MEDIUM] TYPO3-CORE-SA-2023-006: Weak Authentication in Session Handling
PKSA-jp7z-h3vv-yr4s CVE-2023-47127 GHSA-3vmm-7h4j-69rm
Affected version: >=8.0.0,<8.7.55|>=9.0.0,<9.5.44|>=10.0.0,<10.4.41|>=11.0.0,<11.5.33|>=12.0.0,<12.4.8
Reported by: GitHub, FriendsOfPHP/security-advisories
- [HIGH] TYPO3-CORE-SA-2020-011: Cleartext storage of session identifier
PKSA-cqmn-5jhg-hqxx CVE-2020-26228 GHSA-954j-f27r-cj52
Affected version: >=10.0.0,<10.4.10|>=9.0.0,<9.5.23|>=8.7.0,<8.7.38
Reported by: GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] TYPO3-CORE-SA-2020-010: Cross-Site Scripting in Fluid view helpers
PKSA-2ynr-pyxr-sckk CVE-2020-26227 GHSA-vqqx-jw6p-q3rf
Affected version: >=10.0.0,<10.4.10|>=9.0.0,<9.5.23|>=8.7.0,<8.7.38
Reported by: GitHub, FriendsOfPHP/security-advisories
- [HIGH] Insecure Deserialization in Query Generator & Query View
PKSA-2xbd-k6f8-vc7m CVE-2019-19849 GHSA-rcgc-4xfc-564v
Affected version: >=10.0.0,<10.2.1|>=8.0.0,<8.7.30|>=9.0.0,<9.5.12
Reported by: GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] SQL Injection in low-level Query Generator
PKSA-gt1g-9dsw-fhqp CVE-2019-19850 GHSA-59pj-7mjh-4465
Affected version: >=10.0.0,<10.2.1|>=8.0.0,<8.7.30|>=9.0.0,<9.5.12
Reported by: GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] Directory Traversal on ZIP extraction
PKSA-jydd-ptqz-cc3y CVE-2019-19848 GHSA-77p4-wfr8-977w
Affected version: >=10.0.0,<10.2.1|>=8.0.0,<8.7.30|>=9.0.0,<9.5.12
Reported by: GitHub, FriendsOfPHP/security-advisories
- Cross-Site Scripting in Form Framework validation handling
Affected version: >=10.0.0,<10.2.1|>=8.0.0,<8.7.30|>=9.0.0,<9.5.12
Reported by: FriendsOfPHP/security-advisories
- Cross-Site Scripting in Link Handling
Affected version: >=10.0.0,<10.2.1|>=8.0.0,<8.7.30|>=9.0.0,<9.5.12
Reported by: FriendsOfPHP/security-advisories
- Possible Insecure Deserialization in Extbase Request Handling
Affected version: >=8.0.0,<8.7.30|>=9.0.0,<9.5.12
Reported by: FriendsOfPHP/security-advisories
- Cross-Site Scripting in Filelist Module
Affected version: >=10.0.0,<10.2.1|>=8.0.0,<8.7.30|>=9.0.0,<9.5.12
Reported by: FriendsOfPHP/security-advisories
- [HIGH] Insecure Deserialization in TYPO3 CMS
PKSA-s5jg-xrdb-kcbj CVE-2019-12747 GHSA-86hp-xrhj-fhpq
Affected version: >=8.0.0,<8.7.27|>=9.0.0,<9.5.8
Reported by: GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] Cross-Site Scripting in Link Handling
PKSA-v9y4-y7z6-sjjg CVE-2019-12748 GHSA-r6fv-56gp-j3r4
Affected version: >=8.0.0,<8.7.27|>=9.0.0,<9.5.8
Reported by: GitHub, FriendsOfPHP/security-advisories
- Security Misconfiguration in Frontend Session Handling
Affected version: >=8.0.0,<8.7.27|>=9.0.0,<9.5.8
Reported by: FriendsOfPHP/security-advisories
- Arbitrary Code Execution and Cross-Site Scripting in Backend API
Affected version: >=8.0.0,<8.7.27|>=9.0.0,<9.5.8
Reported by: FriendsOfPHP/security-advisories
- Information Disclosure in Backend User Interface
Affected version: >=8.0.0,<8.7.27|>=9.0.0,<9.5.8
Reported by: FriendsOfPHP/security-advisories
- [HIGH] Possible Arbitrary Code Execution in Image Processing
PKSA-zhxh-zqgh-5btz CVE-2019-11832 GHSA-3w4h-r27h-4r2w
Affected version: >=8.0.0,<8.7.25|>=9.0.0,<9.5.6
Reported by: GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] Cross-Site Scripting in Fluid Engine
PKSA-1rbp-fbhh-b1cd CVE-2020-15241 GHSA-7733-hjv6-4h47
Affected version: >=8.0.0,<8.7.25|>=9.0.0,<9.5.6
Reported by: GitHub, FriendsOfPHP/security-advisories
- Security Misconfiguration in User Session Handling
Affected version: >=8.0.0,<8.7.25|>=9.0.0,<9.5.6
Reported by: FriendsOfPHP/security-advisories
- [MEDIUM] Cross-Site Scripting in Bootstrap CSS toolkit
PKSA-6rbt-6s1d-gvry CVE-2018-14041 GHSA-pj7m-g53m-7638
Affected version: >=8.0.0,<8.7.23|>=9.0.0,<9.5.4
Reported by: GitHub, FriendsOfPHP/security-advisories
- Arbitrary Code Execution via File List Module
Affected version: >=8.0.0,<8.7.23|>=9.0.0,<9.5.4
Reported by: FriendsOfPHP/security-advisories
- Security Misconfiguration for Backend User Accounts
Affected version: >=8.0.0,<8.7.23|>=9.0.0,<9.5.4
Reported by: FriendsOfPHP/security-advisories
- Broken Access Control in Localization Handling
Affected version: >=8.0.0,<8.7.23
Reported by: FriendsOfPHP/security-advisories
- Information Disclosure of Installed Extensions
Affected version: >=8.0.0,<8.7.23|>=9.0.0,<9.5.4
Reported by: FriendsOfPHP/security-advisories
- Cross-Site Scripting in Form Framework
Affected version: >=8.0.0,<8.7.23|>=9.0.0,<9.5.4
Reported by: FriendsOfPHP/security-advisories
- Cross-Site Scripting in Fluid ViewHelpers
Affected version: >=8.0.0,<8.7.23|>=9.0.0,<9.5.4
Reported by: FriendsOfPHP/security-advisories
- [MEDIUM] Cross-Site Scripting in CKEditor
PKSA-5y7r-7h1g-qrym CVE-2018-17960 GHSA-g68x-vvqq-pvw3
Affected version: >=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by: GitHub, FriendsOfPHP/security-advisories
- Information Disclosure in Install Tool
Affected version: >=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by: FriendsOfPHP/security-advisories
- Denial of Service in Online Media Asset Handling
Affected version: >=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by: FriendsOfPHP/security-advisories
- Cross-Site Scripting in Online Media Asset Rendering
Affected version: >=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by: FriendsOfPHP/security-advisories
- Cross-Site Scripting in Backend Modal Component
Affected version: >=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by: FriendsOfPHP/security-advisories
- Denial of Service in Frontend Record Registration
Affected version: >=8.0.0,<8.7.21
Reported by: FriendsOfPHP/security-advisories
- Security Misconfiguration in Install Tool Cookie
Affected version: >=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by: FriendsOfPHP/security-advisories
- Cross-Site Scripting in Frontend User Login
Affected version: >=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by: FriendsOfPHP/security-advisories