Security Advisories

All Advisories

Subscribe to our Security Advisories Mailing List and receive Security Bulletins via E-Mail

Tue. 15th February, 2022
TYPO3-EXT-SA-2022-001: Server-side request forgery in extension "Kitodo.Presentation" (dlf)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Kitodo.Presentation" (dlf) is susceptible to Server-side request forgery.
Read more
Thu. 16th December, 2021
TYPO3-PSA-2021-004: Statement on Recent log4j/log4shell Vulnerabilities (CVE-2021-44228)

Categories: Development, Security, TYPO3 CMS

Advisory type: Public Service Announcements
Created by Torben Hansen

Components of TYPO3 CMS are based on PHP and are therefore not directly affected by the recent log4j vulnerabilities. However, additional services…
Read more
Thu. 16th December, 2021
TYPO3-PSA-2021-003: Mitigation of Cache Poisoning Caused by Untrusted URL Query Parameters

Categories: Development, Security, TYPO3 CMS

Advisory type: Public Service Announcements
Created by Oliver Hader and Torben Hansen

It has been discovered that TYPO3 CMS is susceptible to cache poisoning.
Read more
Wed. 10th November, 2021
TYPO3-EXT-SA-2021-018: Sensitive Data Exposure in extension "Job Fair" (jobfair)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Job Fair" (jobfair) is susceptible to Sensitive Data Exposure.
Read more
Wed. 10th November, 2021
TYPO3-EXT-SA-2021-017: Multiple vulnerabilities in extension "pixx.io integration for TYPO3 (DAM)" (pixxio)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension"pixx.io integration for TYPO3 (DAM)" (pixxio) is susceptible to Server-side request forgery, Remote Code…
Read more
Wed. 10th November, 2021
TYPO3-EXT-SA-2021-016: Denial of Service in extension "Code Highlight" (codehighlight)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Code Highlight" (codehighlight) is susceptible to Denial of Service.
Read more
Wed. 10th November, 2021
TYPO3-EXT-SA-2021-015: Cross-Site Scripting in extension "Google for Jobs" (google_for_jobs)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension"Google for Jobs" (google_for_jobs) is susceptible to Cross-Site Scripting.
Read more
Tue. 5th October, 2021
TYPO3-CORE-SA-2021-015: HTTP Host Header Injection in Request Handling

Categories: Development, Security

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is vulnerable to HTTP header injection.
Read more
Tue. 5th October, 2021
TYPO3-CORE-SA-2021-014: Cross-Site-Request-Forgery in Backend URI Handling

Categories: Development, Security

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is vulnerable to cross-site-request-forgery.
Read more
Tue. 10th August, 2021
TYPO3-EXT-SA-2021-014: SQL Injection in extension "Newsletter" (newsletter)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension"Newsletter" (newsletter) is susceptible to SQL Injection.
Read more

Security Advisories

TYPO3-EXT-SA-2022-001: Server-side request forgery in extension "Kitodo.Presentation" (dlf)

TYPO3-PSA-2021-004: Statement on Recent log4j/log4shell Vulnerabilities (CVE-2021-44228)

TYPO3-PSA-2021-003: Mitigation of Cache Poisoning Caused by Untrusted URL Query Parameters

TYPO3-EXT-SA-2021-018: Sensitive Data Exposure in extension "Job Fair" (jobfair)

TYPO3-EXT-SA-2021-017: Multiple vulnerabilities in extension "pixx.io integration for TYPO3 (DAM)" (pixxio)

TYPO3-EXT-SA-2021-016: Denial of Service in extension "Code Highlight" (codehighlight)

TYPO3-EXT-SA-2021-015: Cross-Site Scripting in extension "Google for Jobs" (google_for_jobs)

TYPO3-CORE-SA-2021-015: HTTP Host Header Injection in Request Handling

TYPO3-CORE-SA-2021-014: Cross-Site-Request-Forgery in Backend URI Handling

TYPO3-EXT-SA-2021-014: SQL Injection in extension "Newsletter" (newsletter)

Information

Downloads

Community

Popular links

Professional Content Management

Inspire people to share

A Community Effort

Do you have a question?

Security Advisories

Information

Downloads

Community

Popular links