Security Advisories

All Advisories

Subscribe to our Security Advisories Mailing List and receive Security Bulletins via E-Mail

Tue. 18th June, 2024
TYPO3-EXT-SA-2024-003: Multiple vulnerabilities in "Events 2" (events2)

Categories: Development

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Events 2" (events2) is susceptible to Cache Poisoning, Insecure Direct Object Reference and SQL wildcard…
Read more
Tue. 14th May, 2024
TYPO3-CORE-SA-2024-010: Uncontrolled Resource Consumption in ShowImageController

Categories: Development, TYPO3 CMS

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is susceptible to denial of service.
Read more
Tue. 14th May, 2024
TYPO3-CORE-SA-2024-009: Cross-Site Scripting in ShowImageController

Categories: Development, TYPO3 CMS

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
Read more
Tue. 14th May, 2024
TYPO3-CORE-SA-2024-008: Cross-Site Scripting in Form Manager Module

Categories: Development, TYPO3 CMS

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
Read more
Tue. 14th May, 2024
TYPO3-CORE-SA-2024-007: HTML Injection in History Module

Categories: Development, TYPO3 CMS

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is vulnerable to HTML injection.
Read more
Tue. 2nd April, 2024
TYPO3-EXT-SA-2024-002: Authentication Bypass in "OpenID Connect Authentication" (oidc)

Categories: Development

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "OpenID Connect Authentication" (oidc) is susceptible to Authentication Bypass.
Read more
Tue. 13th February, 2024
TYPO3-EXT-SA-2024-001: Broken Access Control in extension "Event management and registration" (sf_event_mgt)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Event management and registration" (sf_event_mgt) is susceptible to Broken Access Control.
Read more
Tue. 13th February, 2024
TYPO3-CORE-SA-2024-006: Improper Access Control Persisting File Abstraction Layer Entities via Data Handler

Categories: Development, TYPO3 CMS

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is susceptible to information disclosure.
Read more
Tue. 13th February, 2024
TYPO3-CORE-SA-2024-005: Improper Access Control of Resources Referenced by t3:// URI Scheme

Categories: Development, TYPO3 CMS

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is susceptible to information disclosure.
Read more
Tue. 13th February, 2024
TYPO3-CORE-SA-2024-004: Information Disclosure of Encryption Key in TYPO3 Install Tool

Categories: Development, TYPO3 CMS

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is susceptible to information disclosure.
Read more

Security Advisories

TYPO3-EXT-SA-2024-003: Multiple vulnerabilities in "Events 2" (events2)

TYPO3-CORE-SA-2024-010: Uncontrolled Resource Consumption in ShowImageController

TYPO3-CORE-SA-2024-009: Cross-Site Scripting in ShowImageController

TYPO3-CORE-SA-2024-008: Cross-Site Scripting in Form Manager Module

TYPO3-CORE-SA-2024-007: HTML Injection in History Module

TYPO3-EXT-SA-2024-002: Authentication Bypass in "OpenID Connect Authentication" (oidc)

TYPO3-EXT-SA-2024-001: Broken Access Control in extension "Event management and registration" (sf_event_mgt)

TYPO3-CORE-SA-2024-006: Improper Access Control Persisting File Abstraction Layer Entities via Data Handler

TYPO3-CORE-SA-2024-005: Improper Access Control of Resources Referenced by t3:// URI Scheme

TYPO3-CORE-SA-2024-004: Information Disclosure of Encryption Key in TYPO3 Install Tool

Information

Downloads

Community

Popular links

Professional Content Management

Inspire people to share

A Community Effort

Do you have a question?

Security Advisories

Information

Downloads

Community

Popular links