Third-party package enshrined/svg-sanitize, used by TYPO3 core packages, was susceptible to bypassing the sanitization strategy.

Components of TYPO3 CMS are based on PHP and are therefore not directly affected by the recent log4j vulnerabilities. However, additional services…

It has been discovered that TYPO3 CMS is susceptible to cache poisoning.

It has been discovered that the TYPO3 extensions offering a CSV export might create CSV files that can contain formulas executed in external…

It has been discovered that the TYPO3 extension “Indexed Search” may index sensitive links under certain conditions.

Repeating and refining public service announcement TYPO3-PSA-2019-010.

Accessing Install Tool via TYPO3 Backend requires password verification - known as Sudo Mode.

It has been discovered that TYPO3 CMS is susceptible to sensitive information disclosure in previous TYPO3 versions which are not maintained by the…

It has been discovered that TYPO3 CMS can be vulnerable to insecure deserialization.

It has been discovered that TYPO3 is susceptible to cross-site scripting.