Security Advisories

All Advisories

Subscribe to our Security Advisories Mailing List and receive Security Bulletins via E-Mail

Tue. 12th May, 2020
TYPO3-CORE-SA-2020-006: Same-Site Request Forgery to Backend User Interface

Categories: Development

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is vulnerable to same-site request forgery.
Read more
Tue. 12th May, 2020
TYPO3-CORE-SA-2020-005: Insecure Deserialization in Backend User Settings

Categories: Development

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is vulnerable to insecure deserialization.
Read more
Tue. 12th May, 2020
TYPO3-EXT-SA-2020-008: Cross-Site Scripting in "SVG Sanitizer" (svg_sanitizer)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Oliver Hader

It has been discovered that the extension "SVG Sanitizer" (svg_sanitizer) is vulnerable to Cross-Site Scripting.
Read more
Tue. 12th May, 2020
TYPO3-CORE-SA-2020-004: Class destructors causing side-effects when being unserialized

Categories: Development

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is vulnerable to insecure deserialization.
Read more
Tue. 12th May, 2020
TYPO3-CORE-SA-2020-003: Cross-Site Scripting in Link Handling

Categories: Development

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
Read more
Tue. 12th May, 2020
TYPO3-EXT-SA-2020-007: Sensitive Data Exposure in extension "Job Fair" (jobfair)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Job Fair" (jobfair) is susceptible to Sensitive Data Exposure.
Read more
Tue. 12th May, 2020
TYPO3-CORE-SA-2020-002: Cross-Site Scripting in Form Engine

Categories: Development

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
Read more
Tue. 12th May, 2020
TYPO3-EXT-SA-2020-006: Broken Access Control in extension "gForum" (g_forum)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "gForum" (g_forum) is susceptible to Broken Access Control.
Read more
Tue. 12th May, 2020
TYPO3-CORE-SA-2020-001: Information Disclosure in Password Reset

Categories: Development

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is susceptible to information disclosure.
Read more
Tue. 12th May, 2020
TYPO3-EXT-SA-2020-005: Multiple vulnerabilities in extension "Direct Mail" (direct_mail)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Direct Mail" (direct_mail) is susceptible to Denial of Service, Broken Access Control, Open Redirect and…
Read more

Security Advisories

TYPO3-CORE-SA-2020-006: Same-Site Request Forgery to Backend User Interface

TYPO3-CORE-SA-2020-005: Insecure Deserialization in Backend User Settings

TYPO3-EXT-SA-2020-008: Cross-Site Scripting in "SVG Sanitizer" (svg_sanitizer)

TYPO3-CORE-SA-2020-004: Class destructors causing side-effects when being unserialized

TYPO3-CORE-SA-2020-003: Cross-Site Scripting in Link Handling

TYPO3-EXT-SA-2020-007: Sensitive Data Exposure in extension "Job Fair" (jobfair)

TYPO3-CORE-SA-2020-002: Cross-Site Scripting in Form Engine

TYPO3-EXT-SA-2020-006: Broken Access Control in extension "gForum" (g_forum)

TYPO3-CORE-SA-2020-001: Information Disclosure in Password Reset

TYPO3-EXT-SA-2020-005: Multiple vulnerabilities in extension "Direct Mail" (direct_mail)

Information

Downloads

Community

Popular links

Professional Content Management

Inspire people to share

A Community Effort

Certified Expertise

Do you have a question?

Security Advisories

Information

Downloads

Community

Popular links