Security Advisories

All Advisories

Subscribe to our Security Advisories Mailing List and receive Security Bulletins via E-Mail

Tue. 28th July, 2020
TYPO3-PSA-2020-001: Critical vulnerability in legacy versions of TYPO3 CMS

Categories: Development

Advisory type: Public Service Announcements

It has been discovered that TYPO3 CMS is susceptible to sensitive information disclosure in previous TYPO3 versions which are not maintained by the…
Read more
Tue. 7th July, 2020
TYPO3-EXT-SA-2020-013: Multiple vulnerabilities in extension "mm_forum" (mm_forum)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "mm_forum" (mm_forum) is susceptible to Cross Site Scripting and CSRF.
Read more
Tue. 7th July, 2020
TYPO3-EXT-SA-2020-012: Cross-Site Scripting in extension "Google reCAPTCHA (v2/v3)" (jh_captcha)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Google reCAPTCHA (v2/v3)" (jh_captcha) is susceptible to Cross-Site Scripting.
Read more
Tue. 7th July, 2020
TYPO3-EXT-SA-2020-011: Remote Code Execution in extension "Turn!" (turn)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Turn!" (turn) is susceptible to Remote Code Execution.
Read more
Tue. 7th July, 2020
TYPO3-EXT-SA-2020-010: Broken Access Control in extension "typo3_forum" (typo3_forum)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "typo3_forum" (typo3_forum) is susceptible to Broken Access Control.
Read more
Tue. 7th July, 2020
TYPO3-EXT-SA-2020-009: Cross-Site Scripting in extension "Faceted Search" (ke_search)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Faceted Search" (ke_search) is susceptible to Cross-Site Scripting.
Read more
Tue. 12th May, 2020
TYPO3-CORE-SA-2020-006: Same-Origin Request Forgery to Backend User Interface

Categories: Development

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is vulnerable to same-origin request forgery.
Read more
Tue. 12th May, 2020
TYPO3-CORE-SA-2020-005: Insecure Deserialization in Backend User Settings

Categories: Development

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is vulnerable to insecure deserialization.
Read more
Tue. 12th May, 2020
TYPO3-EXT-SA-2020-008: Cross-Site Scripting in "SVG Sanitizer" (svg_sanitizer)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Oliver Hader

It has been discovered that the extension "SVG Sanitizer" (svg_sanitizer) is vulnerable to Cross-Site Scripting.
Read more
Tue. 12th May, 2020
TYPO3-CORE-SA-2020-004: Class destructors causing side-effects when being unserialized

Categories: Development

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is vulnerable to insecure deserialization.
Read more

Security Advisories

TYPO3-PSA-2020-001: Critical vulnerability in legacy versions of TYPO3 CMS

TYPO3-EXT-SA-2020-013: Multiple vulnerabilities in extension "mm_forum" (mm_forum)

TYPO3-EXT-SA-2020-012: Cross-Site Scripting in extension "Google reCAPTCHA (v2/v3)" (jh_captcha)

TYPO3-EXT-SA-2020-011: Remote Code Execution in extension "Turn!" (turn)

TYPO3-EXT-SA-2020-010: Broken Access Control in extension "typo3_forum" (typo3_forum)

TYPO3-EXT-SA-2020-009: Cross-Site Scripting in extension "Faceted Search" (ke_search)

TYPO3-CORE-SA-2020-006: Same-Origin Request Forgery to Backend User Interface

TYPO3-CORE-SA-2020-005: Insecure Deserialization in Backend User Settings

TYPO3-EXT-SA-2020-008: Cross-Site Scripting in "SVG Sanitizer" (svg_sanitizer)

TYPO3-CORE-SA-2020-004: Class destructors causing side-effects when being unserialized

Information

Downloads

Community

Popular links

Professional Content Management

Inspire people to share

A Community Effort

Do you have a question?

Security Advisories

Information

Downloads

Community

Popular links