Public Service Announcements for TYPO3

Tue. 17th November, 2020

TYPO3-PSA-2020-003: Mitigation of Cross-Site Scripting Vulnerabilities in File Upload Handling

Categories: Development, TYPO3 CMS

Advisory type: Public Service Announcements

Created by Oliver Hader

Repeating and refining public service announcement TYPO3-PSA-2019-010.

Tue. 17th November, 2020

TYPO3-PSA-2020-002: Protecting Install Tool with Sudo Mode

Categories: Development, TYPO3 CMS

Advisory type: Public Service Announcements

Created by Oliver Hader

Accessing Install Tool via TYPO3 Backend requires password verification - known as Sudo Mode.

Tue. 28th July, 2020

TYPO3-PSA-2020-001: Critical vulnerability in legacy versions of TYPO3 CMS

Categories: Development

Advisory type: Public Service Announcements

It has been discovered that TYPO3 CMS is susceptible to sensitive information disclosure in previous TYPO3 versions which are not maintained by the…

Tue. 17th December, 2019

TYPO3-PSA-2019-011: Possible Insecure Deserialization in Extbase Request Handling

Categories: Development

Advisory type: Public Service Announcements

Created by Oliver Hader

It has been discovered that TYPO3 CMS can be vulnerable to insecure deserialization.

Tue. 17th December, 2019

TYPO3-PSA-2019-010: Cross-Site Scripting Vulnerabilities in File Upload Handling

Categories: Development

Advisory type: Public Service Announcements

Created by Oliver Hader

It has been discovered that TYPO3 is susceptible to cross-site scripting.

Wed. 30th October, 2019

TYPO3-PSA-2019-009: Truncated passwords during authentication process on typo3.org services

Categories: Community

Advisory type: Public Service Announcements

Created by Oliver Hader

It has been discovered that passwords were truncated during authentication process on typo3.org services.

Wed. 8th May, 2019

TYPO3-PSA-2019-008: By-passing protection of Phar Stream Wrapper Interceptor

Categories: Development

Advisory type: Public Service Announcements

Created by Oliver Hader

It has been discovered that the protection against insecure deserialization can be by-passed in Phar Stream Wrapper component.

Wed. 8th May, 2019

TYPO3-PSA-2019-007: By-passing protection of Phar Stream Wrapper Interceptor

Categories: Development

Advisory type: Public Service Announcements

Created by Oliver Hader

It has been discovered that the protection against insecure deserialization can be by-passed in Phar Stream Wrapper component.

Tue. 7th May, 2019

TYPO3-PSA-2019-006: Security Misconfiguration since TYPO3 9.4.0

Categories: Development

Advisory type: Public Service Announcements

Created by Oliver Hader

It has been discovered that TYPO3 is susceptible to security misconfiguration.

Tue. 7th May, 2019

TYPO3-PSA-2019-005: Cross-Site Scripting in Bootstrap CSS toolkit before 3.4.1 and 4.3.0

Categories: Development

Advisory type: Public Service Announcements

Created by Oliver Hader

It has been discovered that 3rd party library Bootstrap CSS toolkit bundled with TYPO3 is vulnerable to cross-site scripting through prototype…

Security Bulletins: