Security Advisories

All Advisories

Subscribe to our Security Advisories Mailing List and receive Security Bulletins via E-Mail

Tue. 26th April, 2022
TYPO3-EXT-SA-2022-009: Cross-Site Scripting in extension "Grid Elements" (gridelements)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Grid Elements" (gridelements) is susceptible to Cross-Site Scripting.
Read more
Tue. 26th April, 2022
TYPO3-EXT-SA-2022-008: Multiple vulnerabilities in extension "Adminer" (t3adminer)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Adminer" (t3adminer) is susceptible to Server-side request forgery and Cross-Site Scripting.
Read more
Tue. 26th April, 2022
TYPO3-EXT-SA-2022-007: SQL Injection in extension "One is Enough Library" (oelib)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "One is Enough Library" (oelib) is susceptible to SQL Injection.
Read more
Tue. 26th April, 2022
TYPO3-EXT-SA-2022-006: SQL Injection in extension "Seminar Manager" (seminars)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Seminar Manager" (seminars) is susceptible to SQL Injection.
Read more
Tue. 26th April, 2022
TYPO3-EXT-SA-2022-005: Remote Code Execution in extension "Job portal" (psvneo_jobfair)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Job portal" (psvneo_jobfair) is susceptible to Remote Code Execution.
Read more
Tue. 22nd February, 2022
TYPO3-PSA-2022-001: Sanitization bypass in SVG Sanitizer

Categories: Development, Security, TYPO3 CMS

Advisory type: Public Service Announcements
Created by Oliver Hader

Third-party package enshrined/svg-sanitize, used by TYPO3 core packages, was susceptible to bypassing the sanitization strategy.
Read more
Tue. 15th February, 2022
TYPO3-EXT-SA-2022-004: File Content Injection in extension "Hardcoded text to Locallang" (mqk_locallangtools)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Hardcoded text to Locallang" (mqk_locallangtools) is susceptible to File Content Injection.
Read more
Tue. 15th February, 2022
TYPO3-EXT-SA-2022-003: Insecure direct object reference in extension "Varnishcache" (varnishcache)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Varnishcache" (varnishcache) is susceptible to Insecure direct object reference.
Read more
Tue. 15th February, 2022
TYPO3-EXT-SA-2022-002: Cross-Site Scripting in extension "Bookdatabase" (extbookdatabase)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Bookdatabase" (extbookdatabase) is susceptible to Cross-Site Scripting.
Read more
Tue. 15th February, 2022
TYPO3-EXT-SA-2022-001: Server-side request forgery in extension "Kitodo.Presentation" (dlf)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Kitodo.Presentation" (dlf) is susceptible to Server-side request forgery.
Read more

Security Advisories

TYPO3-EXT-SA-2022-009: Cross-Site Scripting in extension "Grid Elements" (gridelements)

TYPO3-EXT-SA-2022-008: Multiple vulnerabilities in extension "Adminer" (t3adminer)

TYPO3-EXT-SA-2022-007: SQL Injection in extension "One is Enough Library" (oelib)

TYPO3-EXT-SA-2022-006: SQL Injection in extension "Seminar Manager" (seminars)

TYPO3-EXT-SA-2022-005: Remote Code Execution in extension "Job portal" (psvneo_jobfair)

TYPO3-PSA-2022-001: Sanitization bypass in SVG Sanitizer

TYPO3-EXT-SA-2022-004: File Content Injection in extension "Hardcoded text to Locallang" (mqk_locallangtools)

TYPO3-EXT-SA-2022-003: Insecure direct object reference in extension "Varnishcache" (varnishcache)

TYPO3-EXT-SA-2022-002: Cross-Site Scripting in extension "Bookdatabase" (extbookdatabase)

TYPO3-EXT-SA-2022-001: Server-side request forgery in extension "Kitodo.Presentation" (dlf)

Information

Downloads

Community

Popular links

Professional Content Management

Inspire people to share

A Community Effort

Do you have a question?

Security Advisories

Information

Downloads

Community

Popular links