typo3/cms Security Advisories for 7.6.2 (33)
-
[MEDIUM] Typo3 XSS Vulnerability
PKSA-j487-wgb6-g37w CVE-2018-6905 GHSA-3w22-wrwx-2r75
Affected version: <9.2.0
Reported by:
GitHub -
Information Disclosure in Install Tool
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by:
FriendsOfPHP/security-advisories -
Denial of Service in Online Media Asset Handling
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by:
FriendsOfPHP/security-advisories -
Cross-Site Scripting in Online Media Asset Rendering
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by:
FriendsOfPHP/security-advisories -
Cross-Site Scripting in Backend Modal Component
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by:
FriendsOfPHP/security-advisories -
Denial of Service in Frontend Record Registration
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21
Reported by:
FriendsOfPHP/security-advisories -
Security Misconfiguration in Install Tool Cookie
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by:
FriendsOfPHP/security-advisories -
Cross-Site Scripting in Frontend User Login
Affected version: >=7.0.0,<7.6.32|>=8.0.0,<8.7.21|>=9.0.0,<9.5.2
Reported by:
FriendsOfPHP/security-advisories -
Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS
Affected version: >=7.0.0,<7.6.30|>=8.0.0,<8.7.17|>=9.0.0,<9.3.2
Reported by:
FriendsOfPHP/security-advisories -
Authentication Bypass in TYPO3 CMS
Affected version: >=7.0.0,<7.6.30|>=8.0.0,<8.7.17|>=9.0.0,<9.3.2
Reported by:
FriendsOfPHP/security-advisories -
Information Disclosure in TYPO3 CMS
Affected version: >=7.6.0,<7.6.22|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.5
Reported by:
FriendsOfPHP/security-advisories -
Information Disclosure in TYPO3 CMS
Affected version: >=7.6.0,<7.6.22|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.5
Reported by:
FriendsOfPHP/security-advisories -
Arbitrary Code Execution in TYPO3 CMS
Affected version: >=7.6.0,<7.6.22|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.7.0|>=8.7.0,<8.7.5
Reported by:
FriendsOfPHP/security-advisories -
Cross-Site Scripting in TYPO3 CMS
Affected version: >=7.6.0,<7.6.16|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.6.0|>=8.6.0,<8.6.1
Reported by:
FriendsOfPHP/security-advisories -
Remote Code Execution in third party library swiftmailer
Affected version: >=6.2.0,<6.2.30|>=7.6.0,<7.6.15|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.5.0|>=8.5.0,<8.5.1
Reported by:
FriendsOfPHP/security-advisories -
Insecure Unserialize in TYPO3 Backend
Affected version: >=6.2.0,<6.2.29|>=7.6.0,<7.6.13|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.1
Reported by:
FriendsOfPHP/security-advisories -
Path Traversal in TYPO3 Core
Affected version: >=6.2.0,<6.2.29|>=7.6.0,<7.6.13|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.4.0|>=8.4.0,<8.4.1
Reported by:
FriendsOfPHP/security-advisories -
Cache Flooding in TYPO3 Frontend
Affected version: >=6.2.0,<6.2.27|>=7.6.0,<7.6.11|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.1
Reported by:
FriendsOfPHP/security-advisories -
Cross-Site Scripting in TYPO3 Backend
Affected version: >=6.2.0,<6.2.27|>=7.6.0,<7.6.11|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.3.0|>=8.3.0,<8.3.1
Reported by:
FriendsOfPHP/security-advisories -
Cross-Site Scripting vulnerability in typolinks
Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.1
Reported by:
FriendsOfPHP/security-advisories -
Information Disclosure in TYPO3 Backend
Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.1
Reported by:
FriendsOfPHP/security-advisories -
Cross-Site Scripting in TYPO3 Backend
Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.1
Reported by:
FriendsOfPHP/security-advisories -
Cross-Site Scripting in third party library mso/idna-convert
Affected version: >=7.6.0,<7.6.10|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.1
Reported by:
FriendsOfPHP/security-advisories -
Insecure Unserialize in TYPO3 Import/Export
Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10|>=8.0.0,<8.1.0|>=8.1.0,<8.2.0|>=8.2.0,<8.2.1
Reported by:
FriendsOfPHP/security-advisories -
SQL Injection in TYPO3 Frontend Login
Affected version: >=6.2.0,<6.2.26|>=7.6.0,<7.6.10
Reported by:
FriendsOfPHP/security-advisories -
Missing Access Check in TYPO3 CMS
Affected version: >=6.2.0,<6.2.25|>=7.6.0,<7.6.8|>=8.0.0,<8.1.1|>=8.1.0,<8.1.1
Reported by:
FriendsOfPHP/security-advisories -
Privilege Escalation in TYPO3 CMS
Affected version: >=6.2.0,<6.2.20|>=7.6.0,<7.6.5|>=8.0.0,<8.0.1
Reported by:
FriendsOfPHP/security-advisories -
Authentication Bypass in TYPO3 CMS
Affected version: >=6.2.0,<6.2.20|>=7.6.0,<7.6.5|>=8.0.0,<8.0.1
Reported by:
FriendsOfPHP/security-advisories -
Cross-Site Scripting in TYPO3 Backend
Affected version: >=6.2.0,<6.2.20|>=7.6.0,<7.6.5|>=8.0.0,<8.0.1
Reported by:
FriendsOfPHP/security-advisories -
XML External Entity (XXE) Processing in TYPO3 Core
Affected version: >=6.2.0,<6.2.19|>=7.6.0,<7.6.4
Reported by:
FriendsOfPHP/security-advisories -
Denial of Service attack possibility in TYPO3 component Indexed Search
Affected version: >=6.2.0,<6.2.19|>=7.6.0,<7.6.4
Reported by:
FriendsOfPHP/security-advisories -
Cross-Site Scripting in TYPO3 component CSS styled content
Affected version: >=6.2.0,<6.2.19|>=7.6.0,<7.6.4
Reported by:
FriendsOfPHP/security-advisories -
Cross-Site Scripting in link validator component
Affected version: >=6.2.0,<6.2.18|>=7.6.0,<7.6.3
Reported by:
FriendsOfPHP/security-advisories