Security Advisories
All Advisories
TYPO3-EXT-SA-2025-015: Broken Authentication in extension "Modules" (modules)
It has been discovered that the extension "Modules" (modules) is susceptible to Broken Authentication.
TYPO3-EXT-SA-2025-014: Vulnerability in bundled package in extension "Forms Export" (frp_form_answers)
It has been discovered that the extension "Forms Export" (frp_form_answers) bundles a vulnerable version of "phpoffice/phpspreadsheet", which is…
TYPO3-EXT-SA-2025-013: Vulnerability in bundled package in extension "Base Excel" (base_excel)
It has been discovered that the extension "Base Excel" (base_excel) bundles a vulnerable version of “phpoffice/phpspreadsheet“ which is susceptible to…
TYPO3-EXT-SA-2025-012: Cross-Site Scripting in extension "Form to Database" (form_to_database)
It has been discovered that the extension "Form to Database" (form_to_database) is susceptible to Cross-Site Scripting.
TYPO3-CORE-SA-2025-023: Information Disclosure via CSV Download
It has been discovered that TYPO3 CMS is susceptible to information disclosure.
TYPO3-CORE-SA-2025-022: Information Disclosure in Workspaces Module
It has been discovered that TYPO3 CMS is susceptible to information disclosure.
TYPO3-CORE-SA-2025-021: Broken Access Control in Backend AJAX Routes
It has been discovered that TYPO3 CMS is susceptible to broken access control.
TYPO3-CORE-SA-2025-020: Information Disclosure via File Abstraction Layer
It has been discovered that TYPO3 CMS is susceptible to information disclosure.
TYPO3-CORE-SA-2025-019: Insufficient Entropy in Password Generation
It has been discovered that TYPO3 CMS is susceptible to insufficient entropy.
TYPO3-CORE-SA-2025-018: Denial of Service in TYPO3 Bookmark Toolbar
It has been discovered that TYPO3 CMS is susceptible to denial of service.
TYPO3-CORE-SA-2025-017: Open Redirect in TYPO3 CMS
It has been discovered that TYPO3 CMS is susceptible to open redirect.
TYPO3-EXT-SA-2025-011: Command Injection in extension "TYPO3 Backup Plus" (ns_backup)
It has been discovered that the extension "TYPO3 Backup Plus" (ns_backup) is susceptible to Command Injection.
TYPO3-PSA-2025-001: Sanitization bypass in SVG Sanitizer
Third-party package enshrined/svg-sanitize, used by TYPO3 core packages, was susceptible to bypassing the sanitization strategy.
TYPO3-EXT-SA-2025-010: Insecure Direct Object Reference in extension "femanager" (femanager)
It has been discovered that the extension "femanager" (femanager) is susceptible to Insecure Direct Object Reference.
TYPO3-EXT-SA-2025-009: Insecure Direct Object Reference in extension "powermail" (powermail)
It has been discovered that the extension "powermail" (powermail) is susceptible to Insecure Direct Object Reference.
TYPO3-EXT-SA-2025-008: Multiple vulnerabilities in extension "Front End User Registration" (sr_feuser_register)
It has been discovered that the extension "Front End User Registration" (sr_feuser_register) is susceptible to Remote Code Execution and Insecure…
TYPO3-EXT-SA-2025-007: Multiple vulnerabilities in extension "Backup Plus" (ns_backup)
It has been discovered that the extension "Backup Plus" (ns_backup) is susceptible to Command Injection, Predictable Resource Location and Cross-Site…
TYPO3-EXT-SA-2025-006: Insecure Direct Object Reference in extension "femanager" (femanager)
It has been discovered that the extension "femanager" (femanager) is susceptible to Insecure Direct Object Reference.
TYPO3-EXT-SA-2025-005: Cross-Site Scripting in extension "[clickstorm] SEO" (cs_seo)
It has been discovered that the extension "[clickstorm] SEO" (cs_seo) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2025-004: Insecure Direct Object Reference in extension "Download manager" (reint_downloadmanager)
It has been discovered that the extension "Download manager" (reint_downloadmanager) is susceptible to Insecure Direct Object Reference.