typo3/cms-form Security Advisories (7)
-
[HIGH] TYPO3 CMS has Broken Access Control in its Form Framework
PKSA-8hzt-dvj5-mc5s CVE-2026-11607 GHSA-pjpj-v387-x4vq
Affected version: >=14.0.0,<14.3.3|>=13.0.0,<13.4.31|>=12.0.0,<12.4.46|>=11.0.0,<11.5.51|<10.4.57
Reported by:
GitHub -
[HIGH] TYPO3 CMS has Privilege Escalation & SQL Injection in its Form Framework
PKSA-w8hs-qvzm-sf5x CVE-2026-49741 GHSA-jh32-v29g-68pq
Affected version: >=14.0.0,<14.3.3
Reported by:
GitHub -
[HIGH] TYPO3 CMS has Broken Access Control in its Form Framework
PKSA-m239-hcqk-kg59 CVE-2026-47346 GHSA-hwvq-2w67-rvxp
Affected version: >=14.0.0,<14.3.3|>=13.0.0,<13.4.31|>=12.0.0,<12.4.46|>=11.0.0,<11.5.51|<10.4.57
Reported by:
GitHub -
[MEDIUM] TYPO3 Form Framework Module vulnerable to Cross-Site Request Forgery
PKSA-p6ct-pkr6-phmf CVE-2024-55922 GHSA-ww7h-g2qf-7xv6
Affected version: >=13.0.0,<=13.4.2|>=12.0.0,<=12.4.24|>=11.0.0,<=11.5.41|>=10.0.0,<=10.4.47
Reported by:
GitHub -
[MEDIUM] Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in typo3/cms-form
PKSA-yhyy-7dgg-qhcw CVE-2021-21358 GHSA-x79j-wgqv-g8h2
Affected version: >=11.0.0,<=11.1.0|>=10.2.0,<=10.4.13
Reported by:
GitHub -
[HIGH] Broken Access Control in Form Framework
PKSA-4b8g-5w89-fbw3 CVE-2021-21357 GHSA-3vg7-jw9m-pc3f
Affected version: >=11.0.0,<=11.1.0|>=10.0.0,<=10.4.13|>=9.0.0,<=9.5.24|>=8.0.0,<=8.7.39
Reported by:
GitHub -
[HIGH] Unrestricted File Upload in Form Framework
PKSA-nkrd-9vf5-fnjp CVE-2021-21355 GHSA-2r6j-862c-m2v2
Affected version: >=11.0.0,<=11.1.0|>=10.0.0,<=10.4.13|>=9.0.0,<=9.5.24|>=8.0.0,<=8.7.39
Reported by:
GitHub