Security Advisories

All Advisories

Subscribe to our Security Advisories Mailing List and receive Security Bulletins via E-Mail

Tue. 10th August, 2021
TYPO3-EXT-SA-2021-014: SQL Injection in extension "Newsletter" (newsletter)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension"Newsletter" (newsletter) is susceptible to SQL Injection.
Read more
Tue. 10th August, 2021
TYPO3-EXT-SA-2021-013: Multiple vulnerabilities in Extension "Dated News" (dated_news)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension"Dated News" (dated_news) is susceptible to SQL Injection, Cross-Site Scripting, Information Disclosure and…
Read more
Tue. 10th August, 2021
TYPO3-EXT-SA-2021-012: Cross Site Scripting in Extension "Yoast SEO for TYPO3" (yoast_seo)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Yoast SEO for TYPO3" (yoast_seo) is susceptible to Cross Site Scripting.
Read more
Tue. 10th August, 2021
TYPO3-EXT-SA-2021-011: Multiple vulnerabilities in Extension "Miniorange Saml" (miniorange_saml)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Miniorange Saml" (miniorange_saml) is susceptible to Cross-Site Scripting, Sensitive Data Exposure and…
Read more
Tue. 10th August, 2021
TYPO3-EXT-SA-2021-010: Cross-Site Scripting in Extension "femanager" (femanager)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "femanager" (femanager) is susceptible to Cross-Site Scripting.
Read more
Tue. 10th August, 2021
TYPO3-EXT-SA-2021-009: Denial of Service in Extension "Deferred image processing" (deferred_image_processing)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Deferred image processing" (deferred_image_processing) is susceptible to Denial of Service.
Read more
Tue. 10th August, 2021
TYPO3-EXT-SA-2021-008: Sensitive Information Disclosure in “Extbase Yaml Routes” (routes)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension “Extbase Yaml Routes” (routes) is susceptible to Sensitive Information Disclosure.
Read more
Tue. 10th August, 2021
TYPO3-CORE-SA-2021-013: Cross-Site Scripting via Rich-Text Content

Categories: Development

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
Read more
Tue. 20th July, 2021
TYPO3-PSA-2021-002: CSV Code Injection

Categories: Development, TYPO3 CMS

Advisory type: Public Service Announcements
Created by Torben Hansen

It has been discovered that the TYPO3 extensions offering a CSV export might create CSV files that can contain formulas executed in external…
Read more
Tue. 20th July, 2021
TYPO3-PSA-2021-001: Sensitive links in search results of TYPO3 extension indexed_search

Categories: Development, TYPO3 CMS

Advisory type: Public Service Announcements
Created by Torben Hansen

It has been discovered that the TYPO3 extension “Indexed Search” may index sensitive links under certain conditions.
Read more

Security Advisories

TYPO3-EXT-SA-2021-014: SQL Injection in extension "Newsletter" (newsletter)

TYPO3-EXT-SA-2021-013: Multiple vulnerabilities in Extension "Dated News" (dated_news)

TYPO3-EXT-SA-2021-012: Cross Site Scripting in Extension "Yoast SEO for TYPO3" (yoast_seo)

TYPO3-EXT-SA-2021-011: Multiple vulnerabilities in Extension "Miniorange Saml" (miniorange_saml)

TYPO3-EXT-SA-2021-010: Cross-Site Scripting in Extension "femanager" (femanager)

TYPO3-EXT-SA-2021-009: Denial of Service in Extension "Deferred image processing" (deferred_image_processing)

TYPO3-EXT-SA-2021-008: Sensitive Information Disclosure in “Extbase Yaml Routes” (routes)

TYPO3-CORE-SA-2021-013: Cross-Site Scripting via Rich-Text Content

TYPO3-PSA-2021-002: CSV Code Injection

TYPO3-PSA-2021-001: Sensitive links in search results of TYPO3 extension indexed_search

Information

Downloads

Community

Popular links

Professional Content Management

Inspire people to share

A Community Effort

Certified Expertise

Do you have a question?

Security Advisories

Information

Downloads

Community

Popular links