Security Advisories

All Advisories

Subscribe to our Security Advisories Mailing List and receive Security Bulletins via E-Mail

Tue. 22nd February, 2022
TYPO3-PSA-2022-001: Sanitization bypass in SVG Sanitizer

Categories: Development, Security, TYPO3 CMS

Advisory type: Public Service Announcements
Created by Oliver Hader

Third-party package enshrined/svg-sanitize, used by TYPO3 core packages, was susceptible to bypassing the sanitization strategy.
Read more
Tue. 15th February, 2022
TYPO3-EXT-SA-2022-004: File Content Injection in extension "Hardcoded text to Locallang" (mqk_locallangtools)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Hardcoded text to Locallang" (mqk_locallangtools) is susceptible to File Content Injection.
Read more
Tue. 15th February, 2022
TYPO3-EXT-SA-2022-003: Insecure direct object reference in extension "Varnishcache" (varnishcache)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Varnishcache" (varnishcache) is susceptible to Insecure direct object reference.
Read more
Tue. 15th February, 2022
TYPO3-EXT-SA-2022-002: Cross-Site Scripting in extension "Bookdatabase" (extbookdatabase)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Bookdatabase" (extbookdatabase) is susceptible to Cross-Site Scripting.
Read more
Tue. 15th February, 2022
TYPO3-EXT-SA-2022-001: Server-side request forgery in extension "Kitodo.Presentation" (dlf)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Kitodo.Presentation" (dlf) is susceptible to Server-side request forgery.
Read more
Thu. 16th December, 2021
TYPO3-PSA-2021-004: Statement on Recent log4j/log4shell Vulnerabilities (CVE-2021-44228)

Categories: Development, Security, TYPO3 CMS

Advisory type: Public Service Announcements
Created by Torben Hansen

Components of TYPO3 CMS are based on PHP and are therefore not directly affected by the recent log4j vulnerabilities. However, additional services…
Read more
Thu. 16th December, 2021
TYPO3-PSA-2021-003: Mitigation of Cache Poisoning Caused by Untrusted URL Query Parameters

Categories: Development, Security, TYPO3 CMS

Advisory type: Public Service Announcements
Created by Oliver Hader and Torben Hansen

It has been discovered that TYPO3 CMS is susceptible to cache poisoning.
Read more
Wed. 10th November, 2021
TYPO3-EXT-SA-2021-018: Sensitive Data Exposure in extension "Job Fair" (jobfair)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Job Fair" (jobfair) is susceptible to Sensitive Data Exposure.
Read more
Wed. 10th November, 2021
TYPO3-EXT-SA-2021-017: Multiple vulnerabilities in extension "pixx.io integration for TYPO3 (DAM)" (pixxio)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension"pixx.io integration for TYPO3 (DAM)" (pixxio) is susceptible to Server-side request forgery, Remote Code…
Read more
Wed. 10th November, 2021
TYPO3-EXT-SA-2021-016: Denial of Service in extension "Code Highlight" (codehighlight)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Code Highlight" (codehighlight) is susceptible to Denial of Service.
Read more

Security Advisories

TYPO3-PSA-2022-001: Sanitization bypass in SVG Sanitizer

TYPO3-EXT-SA-2022-004: File Content Injection in extension "Hardcoded text to Locallang" (mqk_locallangtools)

TYPO3-EXT-SA-2022-003: Insecure direct object reference in extension "Varnishcache" (varnishcache)

TYPO3-EXT-SA-2022-002: Cross-Site Scripting in extension "Bookdatabase" (extbookdatabase)

TYPO3-EXT-SA-2022-001: Server-side request forgery in extension "Kitodo.Presentation" (dlf)

TYPO3-PSA-2021-004: Statement on Recent log4j/log4shell Vulnerabilities (CVE-2021-44228)

TYPO3-PSA-2021-003: Mitigation of Cache Poisoning Caused by Untrusted URL Query Parameters

TYPO3-EXT-SA-2021-018: Sensitive Data Exposure in extension "Job Fair" (jobfair)

TYPO3-EXT-SA-2021-017: Multiple vulnerabilities in extension "pixx.io integration for TYPO3 (DAM)" (pixxio)

TYPO3-EXT-SA-2021-016: Denial of Service in extension "Code Highlight" (codehighlight)

Information

Downloads

Community

Popular links

Professional Content Management

Inspire people to share

A Community Effort

Do you have a question?

Security Advisories

Information

Downloads

Community

Popular links