Security Advisories

All Advisories

Subscribe to our Security Advisories Mailing List and receive Security Bulletins via E-Mail

Tue. 7th May, 2019
TYPO3-EXT-SA-2019-011: SQL Injection in extension "Event Calender" (pits_wd_calender)

Categories: Development

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Event Calender" (pits_wd_calender) is susceptible to SQL Injection.
Read more
Tue. 7th May, 2019
TYPO3-EXT-SA-2019-010: Cross Site Scripting in extension "Instagram" (ws_instagram)

Categories: Development

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Instagram" (ws_instagram) is susceptible to Cross Site Scripting.
Read more
Tue. 7th May, 2019
TYPO3-EXT-SA-2019-009: Cross Site Scripting in extension "gkh RSS Import" (gkh_rss_import)

Categories: Development

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "gkh RSS Import" (gkh_rss_import) is susceptible to Cross Site Scripting.
Read more
Tue. 7th May, 2019
TYPO3-EXT-SA-2019-008: Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)

Categories: Development

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to Arbitrary file read and SQL injection.
Read more
Tue. 7th May, 2019
TYPO3-EXT-SA-2019-007: Remote Code Execution in extension "ImageOptimizer" (imageoptimizer)

Categories: Development

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "ImageOptimizer" (imageoptimizer) is susceptible to Remote Code Execution.
Read more
Tue. 7th May, 2019
TYPO3-EXT-SA-2019-006: Open Redirect in extension "Hairu" (hairu)

Categories: Development

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Hairu" (hairu) is susceptible to an Open Redirect.
Read more
Tue. 7th May, 2019
TYPO3-EXT-SA-2019-005: SQL Injection in extension "Faceted Search" (ke_search)

Categories: Development

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Faceted Search" (ke_search) is susceptible to SQL Injection.
Read more
Tue. 7th May, 2019
TYPO3-PSA-2019-006: Security Misconfiguration since TYPO3 9.4.0

Categories: Development

Advisory type: Public Service Announcements
Created by Oliver Hader

It has been discovered that TYPO3 is susceptible to security misconfiguration.
Read more
Tue. 7th May, 2019
TYPO3-PSA-2019-005: Cross-Site Scripting in Bootstrap CSS toolkit before 3.4.1 and 4.3.0

Categories: Development

Advisory type: Public Service Announcements
Created by Oliver Hader

It has been discovered that 3rd party library Bootstrap CSS toolkit bundled with TYPO3 is vulnerable to cross-site scripting through prototype…
Read more
Tue. 7th May, 2019
TYPO3-PSA-2019-004: Cross-Site Scripting in jQuery before 3.4.0

Categories: Development

Advisory type: Public Service Announcements
Created by Oliver Hader

It has been discovered that 3rd party library jQuery bundled with TYPO3 is vulnerable to cross-site scripting through prototype pollution.
Read more

Security Advisories

TYPO3-EXT-SA-2019-011: SQL Injection in extension "Event Calender" (pits_wd_calender)

TYPO3-EXT-SA-2019-010: Cross Site Scripting in extension "Instagram" (ws_instagram)

TYPO3-EXT-SA-2019-009: Cross Site Scripting in extension "gkh RSS Import" (gkh_rss_import)

TYPO3-EXT-SA-2019-008: Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)

TYPO3-EXT-SA-2019-007: Remote Code Execution in extension "ImageOptimizer" (imageoptimizer)

TYPO3-EXT-SA-2019-006: Open Redirect in extension "Hairu" (hairu)

TYPO3-EXT-SA-2019-005: SQL Injection in extension "Faceted Search" (ke_search)

TYPO3-PSA-2019-006: Security Misconfiguration since TYPO3 9.4.0

TYPO3-PSA-2019-005: Cross-Site Scripting in Bootstrap CSS toolkit before 3.4.1 and 4.3.0

TYPO3-PSA-2019-004: Cross-Site Scripting in jQuery before 3.4.0

Information

Downloads

Community

Popular links

Professional Content Management

Inspire people to share

A Community Effort

Do you have a question?

Security Advisories

Information

Downloads

Community

Popular links