typo3/cms Security Advisories (174)
[HIGH] TYPO3-CORE-SA-2023-001: Persisted Cross-Site Scripting in Frontend Rendering
PKSA-2dds-jbmg-2pyg CVE-2023-24814 GHSA-r4f8-f93x-5qh3
Affected version: >=10.0.0,<10.4.35|>=11.0.0,<11.5.23|>=12.0.0,<12.2.0
Reported by: GitHub, FriendsOfPHP/security-advisories
[CRITICAL] TYPO3 vulnerable to Insufficient Session Expiration
PKSA-xq14-ff2f-mxy8 CVE-2022-47406 GHSA-53mm-hx32-6475
Affected version: >=3.0.0,<3.0.3|<2.0.5
Reported by: GitHub
[MEDIUM] TYPO3-CORE-SA-2022-017: By-passing Cross-Site Scripting Protection in HTML Sanitizer
PKSA-836z-82j1-zt6j CVE-2022-23499 GHSA-hvwx-qh2h-xcfj
Affected version: >=10.0.0,<10.4.33|>=11.0.0,<11.5.20|>=12.0.0,<12.1.1
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] TYPO3-CORE-SA-2022-016: Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
PKSA-72zd-w89p-dd55 CVE-2022-23504 GHSA-8w3p-qh3x-6gjr
Affected version: >=10.0.0,<10.4.33|>=11.0.0,<11.5.20|>=12.0.0,<12.1.1
Reported by: GitHub, FriendsOfPHP/security-advisories
[HIGH] TYPO3-CORE-SA-2022-015: Arbitrary Code Execution via Form Framework
PKSA-hnp1-st4h-rkt2 CVE-2022-23503 GHSA-c5wx-6c2c-f7rm
Affected version: >=10.0.0,<10.4.33|>=11.0.0,<11.5.20|>=12.0.0,<12.1.1
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] TYPO3-CORE-SA-2022-014: Insufficient Session Expiration after Password Reset
PKSA-cm5x-bvw7-z1ks CVE-2022-23502 GHSA-mgj2-q8wp-29rr
Affected version: >=10.0.0,<10.4.33|>=11.0.0,<11.5.20|>=12.0.0,<12.1.1
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] TYPO3-CORE-SA-2022-013: Weak Authentication in Frontend Login
PKSA-sy8t-czj6-2rjr CVE-2022-23501 GHSA-jfp7-79g7-89rf
Affected version: >=10.0.0,<10.4.33|>=11.0.0,<11.5.20|>=12.0.0,<12.1.1
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] TYPO3-CORE-SA-2022-012: Denial of Service in Page Error Handling
PKSA-wh51-qtyw-9mq5 CVE-2022-23500 GHSA-8c28-5mp7-v24h
Affected version: >=10.0.0,<10.4.33|>=11.0.0,<11.5.20
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] TYPO3-CORE-SA-2022-006: Denial of Service in Page Error Handling
PKSA-h28q-88f6-24c1 CVE-2022-36104 GHSA-fffr-7x4x-f98q
Affected version: >=11.0.0,<11.5.16
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] TYPO3-CORE-SA-2022-011: By-passing Cross-Site Scripting Protection in HTML Sanitizer
PKSA-hkkc-nfmp-dqpt CVE-2022-36020 GHSA-47m6-46mj-p235
Affected version: >=10.0.0,<10.4.32|>=11.0.0,<11.5.16
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] TYPO3-CORE-SA-2022-010: Cross-Site Scripting in <f:asset.css> view helper
PKSA-5bjw-symk-fz45 CVE-2022-36108 GHSA-fv2m-9249-qx85
Affected version: >=10.0.0,<10.4.32|>=11.0.0,<11.5.16
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] TYPO3-CORE-SA-2022-009: Stored Cross-Site Scripting via FileDumpController
PKSA-w21x-17n7-44qc CVE-2022-36107 GHSA-9c6w-55cp-5w25
Affected version: >=10.0.0,<10.4.32|>=11.0.0,<11.5.16
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] TYPO3-CORE-SA-2022-008: Missing check for expiration time of password reset token for backend users
PKSA-z12b-qvn6-4p12 CVE-2022-36106 GHSA-5959-4x58-r8c2
Affected version: >=10.0.0,<10.4.32|>=11.0.0,<11.5.16
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] TYPO3-CORE-SA-2022-007: User Enumeration via Response Timing
PKSA-rrh7-bw6s-dw97 CVE-2022-36105 GHSA-m392-235j-9r7r
Affected version: >=10.0.0,<10.4.32|>=11.0.0,<11.5.16
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] TYPO3-CORE-SA-2022-005: Insufficient Session Expiration in Admin Tool
PKSA-2hf7-8md4-q2c6 CVE-2022-31050 GHSA-wwjw-r3gj-39fq
Affected version: >=10.0.0,<10.4.29|>=11.0.0,<11.5.11
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] TYPO3-CORE-SA-2022-004: Cross-Site Scripting in Frontend Login Mailer
PKSA-jm7x-1zf6-9kw1 CVE-2022-31049 GHSA-h4mx-xv96-2jgm
Affected version: >=10.0.0,<10.4.29|>=11.0.0,<11.5.11
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] TYPO3-CORE-SA-2022-003: Cross-Site Scripting in Form Framework
PKSA-tycc-kzzh-s3ry CVE-2022-31048 GHSA-3r95-23jp-mhvg
Affected version: >=10.0.0,<10.4.29|>=11.0.0,<11.5.11
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] TYPO3-CORE-SA-2022-002: Information Disclosure via Exception Handling/Logger
PKSA-jbmh-6415-zvcd CVE-2022-31047 GHSA-fh99-4pgr-8j99
Affected version: >=10.0.0,<10.4.29|>=11.0.0,<11.5.11
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] TYPO3-CORE-SA-2022-001: Information Disclosure via Export Module
PKSA-v8mc-t224-q36f CVE-2022-31046 GHSA-8gmv-9hwg-w89g
Affected version: >=10.0.0,<10.4.29|>=11.0.0,<11.5.11
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Typo3 Cross-Site Scripting in Flash component (ELTS)
PKSA-76yg-j1z3-zysm CVE-2020-8091 GHSA-qvhv-pwww-53jj
Affected version: >=7.0.0,<=7.1.0|>=6.2.0,<=6.2.38
Reported by: GitHub
[HIGH] TYPO3 Remote File Disclosure vulnerability in the jumpUrl mechanism
PKSA-dt89-bh3r-n1jp CVE-2010-3714 GHSA-w736-qv86-vq94
Affected version: >=4.4.0,<4.4.4|>=4.3.0,<4.3.7|>=4.2.0,<4.2.15
Reported by: GitHub
[LOW] Typo3 Backend XSS Vulnerabilities
PKSA-gwpp-qsrh-kgdb CVE-2012-1606 GHSA-7wwr-p84q-qr3q
Affected version: >=4.6.0,<=4.6.6|>=4.5.0,<=4.5.13|>=4.4.0,<=4.4.13
Reported by: GitHub
[MEDIUM] Typo3 API XSS Vulnerabilities
PKSA-rgr1-snmt-18ps CVE-2012-1608 GHSA-w3v6-r62r-fvqh
Affected version: >=4.6.0,<=4.6.6|>=4.5.0,<=4.5.13|>=4.4.0,<=4.4.13
Reported by: GitHub
[MEDIUM] Typo3 Extbase Framework Unsafe Deserialization
PKSA-vhky-r7xh-pqqg CVE-2012-1605 GHSA-7jfm-px59-99w8
Affected version: >=4.5.0,<4.5.14|>=4.4.0,<4.4.14|>=4.6,<=4.6.6
Reported by: GitHub
[MEDIUM] TYPO3 vulnerable to Insecure Unserialize via Content Editing Wizards component
PKSA-17sh-jrcf-k5g1 CVE-2013-7075 GHSA-47ww-mq32-g4xw
Affected version: >=6.1.0,<=6.1.6|>=6.0.0,<=6.0.11|>=4.7.0,<=4.7.16|>=4.5.0,<=4.5.31
Reported by: GitHub
[MEDIUM] Typo3 Backend History Module Vulnerable to XSS
PKSA-c79m-snxp-y5pr CVE-2012-6146 GHSA-2hp4-8h6h-93rr
Affected version: >=4.7,<4.7.6|>=4.6,<4.6.14|>=4.5,<4.5.21
Reported by: GitHub
[HIGH] Typo3 Vulnerable to Cache Poisoning
PKSA-76w6-8mt2-dy89 CVE-2014-9509 GHSA-5479-gqqr-f9gj
Affected version: >=6.1.0,<=6.1.12|>=6.0.0,<=6.0.14|>=4.7.0,<=4.7.20|>=4.6.0,<=4.6.18|>=7.0.0,<7.0.2|>=6.2.0,<6.2.9|>=4.5.0,<4.5.39
Reported by: GitHub
[MEDIUM] Typo3 XSS Vulnerability
PKSA-5qtp-bmj9-5zqr CVE-2015-8755 GHSA-56f9-5563-m2h7
Affected version: >=7.0,<7.6.1|>=6.2,<6.2.16
Reported by: GitHub
[MEDIUM] TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component
PKSA-yp9j-pyg5-fsdg CVE-2013-7073 GHSA-4rpv-g4gq-rh4m
Affected version: >=6.1.0,<=6.1.6|>=6.0.0,<=6.0.11|>=4.7.0,<=4.7.16|>=4.5.0,<=4.5.31
Reported by: GitHub
[MEDIUM] TYPO3 Backend component Cross-site scripting (XSS) vulnerability
PKSA-mw31-s5jc-c3ww CVE-2016-4056 GHSA-ffcm-vhcw-p32r
Affected version: >=6.2.0,<6.2.19
Reported by: GitHub
[MEDIUM] Typo3 Exception Handler XSS
PKSA-zfnh-hbvn-w3p3 CVE-2012-2112 GHSA-qfr3-29w6-hwpg
Affected version: =4.7|>=4.6,<4.6.8|>=4.5,<4.5.15|>=4.4,<4.4.15
Reported by: GitHub
[LOW] Typo3 Backend XSS Vulnerability
PKSA-vfph-d8t8-n7fr CVE-2012-3528 GHSA-7w6c-5pr4-7qvp
Affected version: >=4.7,<4.7.4|>=4.6,<4.6.12|>=4.5,<4.5.19
Reported by: GitHub
[LOW] Typo3 Backend Configuration XSS Vulnerability
PKSA-g37t-86vn-m6sc CVE-2012-3529 GHSA-7gg8-3r6j-5g55
Affected version: >=4.7,<4.7.4|>=4.6,<4.6.12|>=4.5,<4.5.19
Reported by: GitHub
[MEDIUM] Typo3 API XSS Vulnerability
PKSA-s4xz-ss2g-x1pk CVE-2012-3530 GHSA-94c2-g68f-9r98
Affected version: >=4.7,<4.7.4|>=4.6,<4.6.12|>=4.5,<4.5.19
Reported by: GitHub
[MEDIUM] Typo3 Install Tool XSS Vulnerability
PKSA-955d-c85w-j6y1 CVE-2012-3531 GHSA-p9wg-jvj4-cx26
Affected version: >=4.7,<4.7.4|>=4.6,<4.6.12|>=4.5,<4.5.19
Reported by: GitHub
[MEDIUM] Typo3 Backend History Module Vulnerable to SQL Injection
PKSA-cxyp-wz57-ncs5 CVE-2012-6144 GHSA-947m-vgqc-x6v4
Affected version: >=4.7.0,<=4.7.5|>=4.6.0,<=4.6.13|>=4.5.0,<=4.5.20
Reported by: GitHub
[LOW] Typo3 Backend History Module Vulnerable to XSS
PKSA-kdrp-66kz-f5tk CVE-2012-6145 GHSA-w563-rq37-cvq5
Affected version: >=4.7.0,<4.7.6|>=4.6.0,<4.6.14|>=4.5.0,<4.5.21
Reported by: GitHub
[LOW] Typo3 Backend API XSS Vulnerability
PKSA-1y3n-57kg-pmvw CVE-2012-6147 GHSA-qmmw-ch2q-j6xx
Affected version: >=4.7.0,<4.7.6|>=4.6.0,<4.6.14|>=4.5.0,<4.5.21
Reported by: GitHub
[LOW] Typo3 Function Menu API XSS Vulnerability
PKSA-9kq9-pbt5-qgt1 CVE-2012-6148 GHSA-rgf6-9q7g-55qg
Affected version: >=4.7.0,<4.7.6|>=4.6.0,<4.6.14|>=4.5.0,<4.5.21
Reported by: GitHub
[LOW] TYPO3 Cross-Site Scripting (XSS) vulnerabilities in Content Editing Wizards component
PKSA-3hpj-d1kx-jcgz CVE-2013-7074 GHSA-r8m7-792j-5jvq
Affected version: >=6.1.0,<=6.1.6|>=6.0.0,<=6.0.11|>=4.7.0,<=4.7.16|>=4.5.0,<=4.5.31
Reported by: GitHub
[HIGH] TYPO3 Arbitrary Code Execution
PKSA-pt33-g1gs-b8wt CVE-2017-14251 GHSA-fh4q-hxrw-cjqq
Affected version: >=8.0.0,<8.7.5|>=7.6.0,<7.6.22
Reported by: GitHub
[MEDIUM] Typo3 XSS Vulnerability
PKSA-j487-wgb6-g37w CVE-2018-6905 GHSA-3w22-wrwx-2r75
Affected version: <9.2.0
Reported by: GitHub
[MEDIUM] TYPO3 Information Disclosure Vulnerability
PKSA-75tt-6fjw-hxpv CVE-2017-6370 GHSA-87hc-phmj-rhgh
Affected version: =7.6.15
Reported by: GitHub
[MEDIUM] Typo3 Backend XSS Vulnerability
PKSA-cym9-gjvy-2b4m CVE-2009-0816 GHSA-jg55-3q6h-2ccf
Affected version: =4.3alpha1|>=4.2.0,<4.2.6|>=4.1.0,<4.1.10|>=4.0,<4.0.12|>=3.3.0,<3.9.0
Reported by: GitHub
[HIGH] Indexed Search Engine for TYPO3 Command Execution via Metacharacter Injection
PKSA-sn7r-z9m4-vd64 CVE-2009-0258 GHSA-74w6-ww7w-45j9
Affected version: >=4.2.0,<=4.2.3|>=4.1.0,<=4.1.7|>=4.0.0,<=4.0.9
Reported by: GitHub
[HIGH] Authentication library in TYPO3 vulnerable to session fixation
PKSA-zcym-8ynq-927n CVE-2009-0256 GHSA-q45q-5233-229p
Affected version: >=4.2.0,<=4.2.3|>=4.1.0,<=4.1.7|>=4.0.0,<=4.0.9
Reported by: GitHub
[CRITICAL] Typo3 SQL injection due to faulty prepared statements
PKSA-6qsh-v5ry-prz3 CVE-2011-3583 GHSA-gx4p-6w86-f8jx
Affected version: >=4.5.0,<=4.5.5
Reported by: GitHub
[CRITICAL] Typo3 Authentication Bypass
PKSA-8vyq-59fw-zr3w CVE-2011-4628 GHSA-79gv-5cgx-x6rx
Affected version: >=4.5.0,<4.5.4|>=4.4.0,<4.4.9|<4.3.12
Reported by: GitHub
[MEDIUM] Typo3 XSS Vulnerability
PKSA-b6zj-7jk2-zq31 CVE-2011-4630 GHSA-29wr-24h5-95r5
Affected version: <4.3.12|>=4.4.0,<4.4.9|>=4.5.0,<4.5.4
Reported by: GitHub
[MEDIUM] Typo3 XSS Vulnerabilities
PKSA-z2fs-fkt6-gyvp CVE-2011-4632 GHSA-h86g-796f-hhfq
Affected version: >=4.5.0,<4.5.4|>=4.4.0,<4.4.9|<4.3.12
Reported by: GitHub
[MEDIUM] Typo3 Information Disclosure
PKSA-9gxq-zkp1-c68s CVE-2011-4900 GHSA-rwx5-7x5r-jgrm
Affected version: <4.5.4
Reported by: GitHub
[MEDIUM] Typo3 Arbitrary Information Disclosure
PKSA-f91d-wvrw-15c8 CVE-2011-4901 GHSA-8grp-3j5v-543g
Affected version: >=4.5.0,<4.5.4|>=4.4.0,<4.4.9|<4.3.12
Reported by: GitHub
[MEDIUM] Typo3 Arbitrary File Delete
PKSA-7vhk-pypy-c7kx CVE-2011-4902 GHSA-9vxq-mxw5-mcgp
Affected version: >=4.5.0,<4.5.4|>=4.4.0,<4.4.9|<4.3.12
Reported by: GitHub
[MEDIUM] Typo3 XSS in RemoveXSS function
PKSA-pcfs-n7cs-k1d9 CVE-2011-4903 GHSA-q22w-r5qq-v3wf
Affected version: >=4.5.0,<4.5.4|>=4.4.0,<4.4.9|<4.3.12
Reported by: GitHub
[MEDIUM] Typo3 Improper Access Control
PKSA-ntxm-kbpj-9xfw CVE-2011-4904 GHSA-qf79-34j4-54m6
Affected version: >=4.5.0,<4.5.4|<4.4.9
Reported by: GitHub
[MEDIUM] Typo3 Information Disclosure
PKSA-4j7c-f8db-f73h CVE-2011-4627 GHSA-frf4-5p2c-c3ff
Affected version: >=4.5.0,<4.5.4|>=4.4.0,<4.4.9|<4.3.12
Reported by: GitHub
[MEDIUM] TYPO3-CORE-SA-2021-015: HTTP Host Header Injection in Request Handling
PKSA-yppq-bmyt-7cxz CVE-2021-41114 GHSA-m2jh-fxw4-gphm
Affected version: >=11.0.0,<11.5.0
Reported by: GitHub, FriendsOfPHP/security-advisories
[HIGH] TYPO3-CORE-SA-2021-014: Cross-Site-Request-Forgery in Backend URI Handling
PKSA-nh79-h7dz-v4t2 CVE-2021-41113 GHSA-657m-v5vm-f6rw
Affected version: >=11.2.0,<11.5.0
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] TYPO3-CORE-SA-2021-013: Cross-Site Scripting via Rich-Text Content
PKSA-f5pt-5p3j-9w13 CVE-2021-32768 GHSA-c5c9-8c6m-727v
Affected version: >=10.0.0,<10.4.19|>=11.0.0,<11.3.2|>=9.0.0,<9.5.29
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] TYPO3-CORE-SA-2021-012: Information Disclosure in User Authentication
PKSA-166g-yc33-swnp CVE-2021-32767 GHSA-34fr-fhqr-7235
Affected version: >=10.0.0,<10.4.18|>=11.0.0,<11.3.1|>=9.0.0,<9.5.28
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] TYPO3-CORE-SA-2021-011: Cross-Site Scripting in Backend Grid View
PKSA-z4fg-75ns-v363 CVE-2021-32669 GHSA-rgcg-28xm-8mmw
Affected version: >=10.0.0,<10.4.18|>=11.0.0,<11.3.1|>=9.0.0,<9.5.28
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] TYPO3-CORE-SA-2021-010: Cross-Site Scripting in Query Generator & Query View
PKSA-vhss-cbdf-h9zf CVE-2021-32668 GHSA-6mh3-j5r5-2379
Affected version: >=10.0.0,<10.4.18|>=11.0.0,<11.3.1|>=9.0.0,<9.5.28
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] TYPO3-CORE-SA-2021-009: Cross-Site Scripting in Page Preview
PKSA-wk8d-zxk8-8xqc CVE-2021-32667 GHSA-8mq9-fqv8-59wf
Affected version: >=10.0.0,<10.4.18|>=11.0.0,<11.3.1|>=9.0.0,<9.5.28
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] TYPO3-CORE-SA-2021-007: Cross-Site Scripting in Content Preview
PKSA-3cnr-vxft-4f7f CVE-2021-21340 GHSA-fjh3-g8gq-9q92
Affected version: >=10.0.0,<10.4.14|>=11.0.0,<11.1.1
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] TYPO3-CORE-SA-2021-004: Cross-Site Scripting in Form Framework
PKSA-mzcd-fpv2-vf7h CVE-2021-21358 GHSA-x79j-wgqv-g8h2
Affected version: >=10.0.0,<10.4.14|>=11.0.0,<11.1.1
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] TYPO3-CORE-SA-2021-008: Cross-Site Scripting in Content Preview
PKSA-txbn-cfcc-9zgj CVE-2021-21370 GHSA-x7hc-x7fm-f7qh
Affected version: >=10.0.0,<10.4.14|>=11.0.0,<11.1.1|>=9.0.0,<9.5.25
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] TYPO3-CORE-SA-2021-006: Cleartext storage of session identifier
PKSA-6rj9-2kkd-njb3 CVE-2021-21339 GHSA-qx3w-4864-94ch
Affected version: >=10.0.0,<10.4.14|>=11.0.0,<11.1.1|>=9.0.0,<9.5.25
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] TYPO3-CORE-SA-2021-005: Denial of Service in Page Error Handling
PKSA-g918-9bjy-w911 CVE-2021-21359 GHSA-4p9g-qgx9-397p
Affected version: >=10.0.0,<10.4.14|>=11.0.0,<11.1.1|>=9.0.0,<9.5.25
Reported by: GitHub, FriendsOfPHP/security-advisories
[HIGH] TYPO3-CORE-SA-2021-003: Broken Access Control in Form Framework
PKSA-wd9s-13sq-wnby CVE-2021-21357 GHSA-3vg7-jw9m-pc3f
Affected version: >=10.0.0,<10.4.14|>=11.0.0,<11.1.1|>=9.0.0,<9.5.25
Reported by: GitHub, FriendsOfPHP/security-advisories
[HIGH] TYPO3-CORE-SA-2021-002: Unrestricted File Upload in Form Framework
PKSA-3jwm-rpgc-y2bh CVE-2021-21355 GHSA-2r6j-862c-m2v2
Affected version: >=10.0.0,<10.4.14|>=11.0.0,<11.1.1|>=9.0.0,<9.5.25
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] TYPO3-CORE-SA-2021-001: Open Redirection in Login Handling
PKSA-4pvk-bqg1-qyqj CVE-2021-21338 GHSA-4jhw-2p6j-5wmp
Affected version: >=10.0.0,<10.4.14|>=11.0.0,<11.1.1|>=9.0.0,<9.5.25
Reported by: GitHub, FriendsOfPHP/security-advisories
[LOW] TYPO3-CORE-SA-2020-012: XML External Entity in Dashboard Widget
PKSA-6tyw-2n11-ssbd CVE-2020-26229 GHSA-q9cp-mc96-m4w2
Affected version: >=10.0.0,<10.4.10
Reported by: GitHub, FriendsOfPHP/security-advisories
[HIGH] TYPO3-CORE-SA-2020-011: Cleartext storage of session identifier
PKSA-tb1c-8bnf-mvmf CVE-2020-26228 GHSA-954j-f27r-cj52
Affected version: >=10.0.0,<10.4.10|>=9.0.0,<9.5.23|>=8.7.0,<8.7.38
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] TYPO3-CORE-SA-2020-010: Cross-Site Scripting in Fluid view helpers
PKSA-7sv8-gd3z-zptc CVE-2020-26227 GHSA-vqqx-jw6p-q3rf
Affected version: >=10.0.0,<10.4.10|>=9.0.0,<9.5.23|>=8.7.0,<8.7.38
Reported by: GitHub, FriendsOfPHP/security-advisories
[HIGH] TYPO3-CORE-SA-2020-008: Sensitive Information Disclosure
PKSA-89kh-571y-53vr CVE-2020-15098 GHSA-m5vr-3m74-jwxp
Affected version: >=10.0.0,<10.4.6|>=9.0.0,<9.5.20
Reported by: GitHub, FriendsOfPHP/security-advisories
[HIGH] TYPO3-CORE-SA-2020-007: Potential Privilege Escalation
PKSA-bvhz-zjdr-rz23 CVE-2020-15099 GHSA-3x94-fv5h-5q2c
Affected version: >=10.0.0,<10.4.6|>=9.0.0,<9.5.20
Reported by: GitHub, FriendsOfPHP/security-advisories
[LOW] TYPO3-CORE-SA-2020-001: Information Disclosure in Password Reset
PKSA-f4bv-c86k-p2bf CVE-2020-11063 GHSA-347x-877p-hcwx
Affected version: >=10.0.0,<10.4.2
Reported by: GitHub, FriendsOfPHP/security-advisories
[HIGH] TYPO3-CORE-SA-2020-006: Same-Site Request Forgery to Backend User Interface
PKSA-vncq-mbcp-6vyd CVE-2020-11069 GHSA-pqg8-crx9-g8m4
Affected version: >=10.0.0,<10.4.2|>=9.0.0,<9.5.17
Reported by: GitHub, FriendsOfPHP/security-advisories
[HIGH] TYPO3-CORE-SA-2020-005: Insecure Deserialization in Backend User Settings
PKSA-dxxk-hc9h-1z3f CVE-2020-11067 GHSA-2wj9-434x-9hvp
Affected version: >=10.0.0,<10.4.2|>=9.0.0,<9.5.17
Reported by: GitHub, FriendsOfPHP/security-advisories
[HIGH] TYPO3-CORE-SA-2020-004: Class destructors causing side-effects when being unserialized
PKSA-ss2r-276b-st5d CVE-2020-11066 GHSA-2rxh-h6h9-qrqc
Affected version: >=10.0.0,<10.4.2|>=9.0.0,<9.5.17
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] TYPO3-CORE-SA-2020-003: Cross-Site Scripting in Link Handling
PKSA-fzgc-n67f-tpd3 CVE-2020-11065 GHSA-4j77-gg36-9864
Affected version: >=10.0.0,<10.4.2|>=9.0.0,<9.5.17
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] TYPO3-CORE-SA-2020-002: Cross-Site Scripting in Form Engine
PKSA-fpbs-1vv7-3m1y CVE-2020-11064 GHSA-43gj-mj2w-wh46
Affected version: >=10.0.0,<10.4.2|>=9.0.0,<9.5.17
Reported by: GitHub, FriendsOfPHP/security-advisories
[HIGH] Insecure Deserialization in Query Generator & Query View
PKSA-fyxc-qkr6-f3ry CVE-2019-19849 GHSA-rcgc-4xfc-564v
Affected version: >=10.0.0,<10.2.1|>=8.0.0,<8.7.30|>=9.0.0,<9.5.12
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] SQL Injection in low-level Query Generator
PKSA-8qsb-zpqf-kwq2 CVE-2019-19850 GHSA-59pj-7mjh-4465
Affected version: >=10.0.0,<10.2.1|>=8.0.0,<8.7.30|>=9.0.0,<9.5.12
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Directory Traversal on ZIP extraction
PKSA-187n-yk48-q1fv CVE-2019-19848 GHSA-77p4-wfr8-977w
Affected version: >=10.0.0,<10.2.1|>=8.0.0,<8.7.30|>=9.0.0,<9.5.12
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Cross-Site Scripting in Form Framework validation handling
PKSA-mk73-2ss9-7t3h GHSA-v5jp-4h2p-j2p4
Affected version: >=10.0.0,<10.2.1|>=8.0.0,<8.7.30|>=9.0.0,<9.5.12
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Cross-Site Scripting in Link Handling
PKSA-mgq1-q3nx-4qhb GHSA-5gr6-97fv-52cc
Affected version: >=10.0.0,<10.2.1|>=8.0.0,<8.7.30|>=9.0.0,<9.5.12
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Possible Insecure Deserialization in Extbase Request Handling
PKSA-7wb5-3v3w-d2zd GHSA-qr5f-6fcv-w69q
Affected version: >=8.0.0,<8.7.30|>=9.0.0,<9.5.12
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Cross-Site Scripting in Filelist Module
PKSA-jfwm-f2y6-dfw3 GHSA-2rcw-9hrm-8q7q
Affected version: >=10.0.0,<10.2.1|>=8.0.0,<8.7.30|>=9.0.0,<9.5.12
Reported by: GitHub, FriendsOfPHP/security-advisories
[HIGH] Possible deserialization side-effects in symfony/cache
PKSA-qvvz-qgnj-hhv9 CVE-2019-10912 GHSA-w2fr-65vp-mxw3
Affected version: >=9.0.0,<9.5.8
Reported by: GitHub, FriendsOfPHP/security-advisories
[HIGH] Insecure Deserialization in TYPO3 CMS
PKSA-bz6f-yjw4-93sv CVE-2019-12747 GHSA-86hp-xrhj-fhpq
Affected version: >=8.0.0,<8.7.27|>=9.0.0,<9.5.8
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Cross-Site Scripting in Link Handling
PKSA-shfj-qhnv-r9fs CVE-2019-12748 GHSA-r6fv-56gp-j3r4
Affected version: >=8.0.0,<8.7.27|>=9.0.0,<9.5.8
Reported by: GitHub, FriendsOfPHP/security-advisories
[HIGH] Security Misconfiguration in Frontend Session Handling
PKSA-s18m-y85n-1v87 GHSA-r9vc-jfmh-6j48
Affected version: >=8.0.0,<8.7.27|>=9.0.0,<9.5.8
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Broken Access Control in Import Module
PKSA-sbk1-m9m1-226k GHSA-6fc6-cj2j-h22x
Affected version: >=9.0.0,<9.5.8
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Arbitrary Code Execution and Cross-Site Scripting in Backend API
PKSA-5tf7-6x9k-c3q3 GHSA-mh3r-6cp5-hc2j
Affected version: >=8.0.0,<8.7.27|>=9.0.0,<9.5.8
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Information Disclosure in Backend User Interface
PKSA-vnc3-kwhr-kmwj GHSA-8m6j-p5jv-v69w
Affected version: >=8.0.0,<8.7.27|>=9.0.0,<9.5.8
Reported by: GitHub, FriendsOfPHP/security-advisories
[HIGH] Possible Arbitrary Code Execution in Image Processing
PKSA-k6fx-zsn9-8q9f CVE-2019-11832 GHSA-3w4h-r27h-4r2w
Affected version: >=8.0.0,<8.7.25|>=9.0.0,<9.5.6
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Cross-Site Scripting in Fluid Engine
PKSA-dmbp-4kzv-9s4r CVE-2020-15241 GHSA-7733-hjv6-4h47
Affected version: >=8.0.0,<8.7.25|>=9.0.0,<9.5.6
Reported by: GitHub, FriendsOfPHP/security-advisories
[HIGH] Information Disclosure in User Authentication
PKSA-42st-jf9j-4xyr GHSA-45xg-4w5x-j429
Affected version: >=9.0.0,<9.5.6
Reported by: GitHub, FriendsOfPHP/security-advisories
[HIGH] Information Disclosure in Page Tree
PKSA-rjjk-45pj-2wfd GHSA-hh95-5xm5-v8v7
Affected version: >=9.0.0,<9.5.6
Reported by: GitHub, FriendsOfPHP/security-advisories
[HIGH] Security Misconfiguration in User Session Handling
PKSA-r81x-w89x-1vq9 GHSA-g585-crjf-vhwq
Affected version: >=8.0.0,<8.7.25|>=9.0.0,<9.5.6
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Cross-Site Scripting in Bootstrap CSS toolkit
PKSA-ww37-6vs7-z8br CVE-2018-14041 GHSA-pj7m-g53m-7638
Affected version: >=8.0.0,<8.7.23|>=9.0.0,<9.5.4
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Arbitrary Code Execution via File List Module
PKSA-5bn3-rb6y-yskr GHSA-jqr8-q455-xx45
Affected version: >=8.0.0,<8.7.23|>=9.0.0,<9.5.4
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Cross-Site Scripting in Language Pack Handling
PKSA-n1qf-pfk3-6gdz GHSA-5j86-5xvg-7q93
Affected version: >=9.0.0,<9.5.4
Reported by: GitHub, FriendsOfPHP/security-advisories
[CRITICAL] Security Misconfiguration for Backend User Accounts
PKSA-vzzk-7qkd-5r89 GHSA-67wg-6j7r-mqh8
Affected version: >=8.0.0,<8.7.23|>=9.0.0,<9.5.4
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Broken Access Control in Localization Handling
PKSA-1g5v-h1gj-cdpx GHSA-m96r-7vqm-j95g
Affected version: >=8.0.0,<8.7.23
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Information Disclosure of Installed Extensions
PKSA-5v3b-yhjz-2p8k GHSA-xgmx-j3hv-jh9x
Affected version: >=8.0.0,<8.7.23|>=9.0.0,<9.5.4
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Cross-Site Scripting in Form Framework
PKSA-1gbs-82ww-81jy GHSA-7q33-hxwj-7p8v
Affected version: >=8.0.0,<8.7.23|>=9.0.0,<9.5.4
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Cross-Site Scripting in Fluid ViewHelpers
PKSA-x7y9-5n9c-2k2x GHSA-f3wf-q4fj-3gxf
Affected version: >=8.0.0,<8.7.23|>=9.0.0,<9.5.4
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Cross-Site Scripting in CKEditor
PKSA-qmq7-q129-2wts CVE-2018-17960 GHSA-g68x-vvqq-pvw3
Affected version: >=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Information Disclosure in Install Tool
PKSA-t1pf-cbfj-xyc5 GHSA-75mx-chcf-2q32
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by: GitHub, FriendsOfPHP/security-advisories
[HIGH] Denial of Service in Online Media Asset Handling
PKSA-41jf-hqcz-2mxn GHSA-9895-53fc-98v2
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Cross-Site Scripting in Online Media Asset Rendering
PKSA-94ws-swjq-dm6m GHSA-3jxq-5xhh-9jr3
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Cross-Site Scripting in Backend Modal Component
PKSA-qzm7-ztqf-vx98 GHSA-86r8-4g3w-7xjp
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Denial of Service in Frontend Record Registration
PKSA-6wyc-z3gy-thx1 GHSA-g46h-v2cc-6c94
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21
Reported by: GitHub, FriendsOfPHP/security-advisories
[HIGH] Security Misconfiguration in Install Tool Cookie
PKSA-99fq-1t5c-yckv GHSA-ppgf-8745-8pgx
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Cross-Site Scripting in Frontend User Login
PKSA-j1v4-rzqw-fkx7 GHSA-772m-43f3-hmf8
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by: GitHub, FriendsOfPHP/security-advisories
[HIGH] Insecure Deserialization in TYPO3 CMS
PKSA-bf3m-n5kt-vtz8 GHSA-p84g-j2gh-83g3
Affected version: >=8.5.0,<8.7.17|>=9.0.0,<9.3.2
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Privilege Escalation & SQL Injection in TYPO3 CMS
PKSA-hg27-6v27-frzb GHSA-c7rj-92xr-wprg
Affected version: >=8.5.0,<8.7.17|>=9.0.0,<9.3.2
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS
PKSA-z3s2-rzbm-sz8q GHSA-f5rr-9r84-wwqf
Affected version: >=7.0.0,<7.6.30|>=8.0.0,<8.7.17|>=9.0.0,<9.3.2
Reported by: GitHub, FriendsOfPHP/security-advisories
[HIGH] Authentication Bypass in TYPO3 CMS
PKSA-b9qm-1gk1-gg53 GHSA-f777-f784-36gm
Affected version: >=7.0.0,<7.6.30|>=8.0.0,<8.7.17|>=9.0.0,<9.3.2
Reported by: GitHub, FriendsOfPHP/security-advisories
[HIGH] Information Disclosure in TYPO3 CMS
PKSA-mnvr-nmxv-xndp GHSA-qffc-gwpp-m2xr
Affected version: >=7.6.0,<7.6.22|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.5
Reported by: GitHub, FriendsOfPHP/security-advisories
[LOW] Information Disclosure in TYPO3 CMS
PKSA-k469-q3x3-m5wx GHSA-c7p6-3c9c-f88q
Affected version: >=7.6.0,<7.6.22|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.5
Reported by: GitHub, FriendsOfPHP/security-advisories
[LOW] Arbitrary Code Execution in TYPO3 CMS
PKSA-ycd2-g5rr-5v84 GHSA-h934-f4m4-wc8x
Affected version: >=7.6.0,<7.6.22|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.5
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Cross-Site Scripting in TYPO3 CMS Backend
PKSA-ytg9-3z8d-xh45 GHSA-v8m4-3w37-ghxx
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.5
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Authentication Bypass in TYPO3 Frontend
PKSA-c3y8-zf1b-82mz GHSA-qrxh-46mr-pr7q
Affected version: >=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.6.1
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Cross-Site Scripting in TYPO3 CMS
PKSA-v896-gj2z-rpdn GHSA-q9c4-9v5m-597p
Affected version: >=7.6.0,<7.6.16|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.6.1
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Remote Code Execution in third party library swiftmailer
PKSA-y99p-vnsv-h8zb GHSA-85ch-44w7-rf32
Affected version: >=6.2.0,<6.2.30|>=7.6.0,<7.6.15|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.1
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Insecure Unserialize in TYPO3 Backend
PKSA-p9pn-ckkr-j9gj GHSA-vgm8-r9gm-fw59
Affected version: >=6.2.0,<6.2.29|>=7.6.0,<7.6.13|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.1
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Path Traversal in TYPO3 Core
PKSA-ycv6-vk58-crph GHSA-g7hw-jh4p-75wr
Affected version: >=6.2.0,<6.2.29|>=7.6.0,<7.6.13|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.1
Reported by: GitHub, FriendsOfPHP/security-advisories
[HIGH] Cache Flooding in TYPO3 Frontend
PKSA-5nxh-6dvz-pwx2 GHSA-8h28-f46f-m87h
Affected version: >=6.2.0,<6.2.27|>=7.6.0,<7.6.11|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.1
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Cross-Site Scripting in TYPO3 Backend
PKSA-p1xw-bm9t-9mgz GHSA-pw2q-qwvj-gh43
Affected version: >=6.2.0,<6.2.27|>=7.6.0,<7.6.11|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.1
Reported by: GitHub, FriendsOfPHP/security-advisories
[HIGH] Environment Variable Injection
PKSA-xycg-n8fx-k2xm CVE-2016-5385 GHSA-m6ch-gg5f-wxx3
Affected version: >=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.1
Reported by: GitHub, FriendsOfPHP/security-advisories
[HIGH] Cross-Site Scripting vulnerability in typolinks
PKSA-qkq5-q75r-wn3g GHSA-7qwg-fcpw-xg5g
Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.1
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Information Disclosure in TYPO3 Backend
PKSA-q6zv-zcsh-21h8 GHSA-6f9m-v7mp-7jjq
Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.1
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Cross-Site Scripting in TYPO3 Backend
PKSA-h9f8-fcdd-y5cz GHSA-g9rv-6g56-65h8
Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.1
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Cross-Site Scripting in third party library mso/idna-convert
PKSA-7xg5-dg5x-pjsz GHSA-259v-xm34-p7fr
Affected version: >=7.6.0,<7.6.10|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.1
Reported by: GitHub, FriendsOfPHP/security-advisories
[HIGH] Insecure Unserialize in TYPO3 Import/Export
PKSA-8qyh-77q4-9nh2 GHSA-8h4m-r4wm-xj7r
Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.1
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] SQL Injection in TYPO3 Frontend Login
PKSA-b4tx-8wsn-x1b1 GHSA-6487-3qvg-8px9
Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Missing Access Check in TYPO3 CMS
PKSA-6w93-8p38-vgt5 GHSA-f624-8hfq-5fh3
Affected version: >=6.2.0,<6.2.25|>=7.6.0,<7.6.8|>=8.0.0,<8.1.1|>=8.1.0,<8.1.1
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Arbitrary File Disclosure in Form Component
PKSA-5x8h-hf12-tbch GHSA-wp8j-c736-c5r3
Affected version: >=6.2.0,<6.2.20
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Privilege Escalation in TYPO3 CMS
PKSA-3s1d-fjtc-fcqw GHSA-5cxf-xx9j-54jc
Affected version: >=6.2.0,<6.2.20|>=7.6.0,<7.6.5|>=8.0.0,<8.0.1
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Authentication Bypass in TYPO3 CMS
PKSA-prb5-15dp-gbwb GHSA-6xh8-8pfv-53vx
Affected version: >=6.2.0,<6.2.20|>=7.6.0,<7.6.5|>=8.0.0,<8.0.1
Reported by: GitHub, FriendsOfPHP/security-advisories
[HIGH] Cross-Site Scripting in TYPO3 Backend
PKSA-yr4d-8qdk-2g3v GHSA-c5mj-39cf-3pp5
Affected version: >=6.2.0,<6.2.20|>=7.6.0,<7.6.5|>=8.0.0,<8.0.1
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] XML External Entity (XXE) Processing in TYPO3 Core
PKSA-smvw-xwn8-cj9h GHSA-mxjf-hc9v-xgv2
Affected version: >=6.2.0,<6.2.19|>=7.6.0,<7.6.4
Reported by: GitHub, FriendsOfPHP/security-advisories
[MEDIUM] Denial of Service attack possibility in TYPO3 component Indexed Search
PKSA-g4rd-ftcg-mjm7 GHSA-wh8q-72cp-p5wf
Affected version: >=6.2.0,<6.2.19|>=7.6.0,<7.6.4
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting in TYPO3 component CSS styled content
PKSA-ry96-ymk5-v9rd GHSA-wrpf-2x8h-82gr
Affected version: >=6.2.0,<6.2.19|>=7.6.0,<7.6.4
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting in TYPO3 component Backend
PKSA-spfc-tbhw-kh61 GHSA-5wx6-xwxf-q8qj
Affected version: >=6.2.0,<6.2.19
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] SQL Injection in dbal
PKSA-yv19-9tq2-fz1m GHSA-pqfv-97hj-g97g
Affected version: >=6.2.0,<6.2.18
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting in legacy form component
PKSA-8b88-yvbs-1t53 GHSA-8j9v-4hhh-x43c
Affected version: >=6.2.0,<6.2.18
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting in link validator component
PKSA-xpn2-bkrt-rhyf GHSA-hq37-rfjc-mr8h
Affected version: >=6.2.0,<6.2.18|>=7.6.0,<7.6.3
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting in form component
PKSA-dt28-xcfy-z6q8 GHSA-vpr3-rc99-2wpr
Affected version: >=6.2.0,<6.2.18
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting vulnerability in typolinks
PKSA-m77p-d7vq-9f8t GHSA-r287-hc8j-w56h
Affected version: >=6.2.0,<6.2.16|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.5.0|>=7.5.0,<7.6.0|>=7.6.0,<7.6.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Cross-Site Scripting in TYPO3 component Indexed Search
PKSA-p8d2-7vg9-dtcf GHSA-4r76-xr68-w7m7
Affected version: >=6.2.0,<6.2.16
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[CRITICAL] Multiple Cross-Site Scripting vulnerabilities in TYPO3 backend
PKSA-ndcf-67nc-gxt9 GHSA-gwfx-p7mr-f92v
Affected version: >=6.2.0,<6.2.16|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.5.0|>=7.5.0,<7.6.0|>=7.6.0,<7.6.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Multiple Cross-Site Scripting vulnerabilities in frontend
PKSA-p5kg-j47t-6hk4 GHSA-p5c5-gmj4-g48f
Affected version: >=6.2.0,<6.2.16|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0|>=7.4.0,<7.5.0|>=7.5.0,<7.6.0|>=7.6.0,<7.6.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] TYPO3 is susceptible to Cross-Site Flashing
PKSA-yxxk-7kcz-vv2r GHSA-hww5-6x85-mc24
Affected version: >=6.2.0,<6.2.16
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[LOW] Backend: Non-Persistent Cross-Site Scripting
PKSA-gh78-xr39-8wwk CVE-2015-5956 GHSA-989h-wv8x-933p
Affected version: >=6.2.0,<6.2.15|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Frontend: Unauthenticated Path Disclosure
PKSA-z28m-xm9h-qp6g GHSA-xvcp-33rc-j8gq
Affected version: >=6.2.0,<6.2.15|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.4.0
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting in 3rd party library Flowplayer
PKSA-42qs-kcsv-zvxq CVE-2013-7341 GHSA-j6c3-3c4w-qv8p
Affected version: >=6.2.0,<6.2.14|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Information Disclosure possibility exploitable by Editors
PKSA-9p1y-wbjp-2yn7 GHSA-pmxp-7224-h794
Affected version: >=6.2.0,<6.2.14|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Cross-Site Scripting exploitable by Editors
PKSA-83dv-xmw9-2793 GHSA-j86x-pjmr-9m6w
Affected version: >=6.2.0,<6.2.14|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Access bypass when editing file metadata
PKSA-v937-s8pv-pxfv GHSA-qmwf-j7g7-f5jw
Affected version: >=6.2.0,<6.2.14|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Brute Force Protection Bypass in backend login
PKSA-bmjh-mrv6-6mhj GHSA-v4qr-8h2v-qpjx
Affected version: >=6.2.0,<6.2.14|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Frontend login Session Fixation
PKSA-hpcb-f6d4-dg4y GHSA-4h5c-5g25-v7fh
Affected version: >=6.2.0,<6.2.14|>=7.0.0,<7.1.0|>=7.1.0,<7.2.0|>=7.2.0,<7.3.0|>=7.3.0,<7.3.1
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Possible link spoofing on the homepage when anchors are used
PKSA-dt94-3y8h-bht1 CVE-2014-9508 GHSA-v6xv-rmqc-wcc8
Affected version: >=6.2.0,<6.2.9|>=7.0.0,<7.0.2
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Possible cache poisoning on the homepage when anchors are used
PKSA-9v5z-9wvw-43v7 GHSA-gj48-w74w-8gvm
Affected version: >=6.2.0,<6.2.9|>=7.0.0,<7.0.2
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Denial of Service in OpenID System Extension
PKSA-gzmh-3pyp-63pp CVE-2013-4701 GHSA-5qp6-78pr-gv8c
Affected version: >=6.2.0,<6.2.6
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Arbitrary Shell Execution in Swiftmailer library
PKSA-ft16-nmqc-tb4y GHSA-g4pf-3jvq-2gcw
Affected version: >=6.2.0,<6.2.6
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Possible Host Spoofing through SERVER_NAME
PKSA-s881-wpwc-ds63 CVE-2014-3941 GHSA-594h-cx6w-p4jf
Affected version: >=6.2.0,<6.2.3
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[LOW] Failing to properly encode user input, several backend components are susceptible to XSS
PKSA-f717-5m17-y3f6 CVE-2014-3943 GHSA-qqh2-h6gw-6x8x
Affected version: >=6.2.0,<6.2.3
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Improper Session Invalidation
PKSA-xp4h-pgrd-wsbf CVE-2014-3944 GHSA-9j8h-xrgj-7gw2
Affected version: >=6.2.0,<6.2.3
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Information disclosure in the Extbase framework
PKSA-7k6t-m8n5-b4mf CVE-2014-3946 GHSA-vccp-5v5h-p8m6
Affected version: >=6.2.0,<6.2.3
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] The ExtJS JavaScript framework that is shipped with TYPO3 is susceptible to XSS
PKSA-h1nr-94fh-5fdt GHSA-cg4m-qjjp-7497
Affected version: >=6.2.0,<6.2.3
Reported by:
GitHub, FriendsOfPHP/security-advisories