Security Advisories

All Advisories

Subscribe to our Security Advisories Mailing List and receive Security Bulletins via E-Mail

Tue. 20th May, 2025
TYPO3-CORE-SA-2025-015: Broken Authentication in Backend MFA

Categories: Development, TYPO3 CMS

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is susceptible to broken authentication.
Read more
Tue. 20th May, 2025
TYPO3-CORE-SA-2025-014: Unrestricted File Upload in File Abstraction Layer

Categories: Development, TYPO3 CMS

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is susceptible to security misconfiguration.
Read more
Tue. 20th May, 2025
TYPO3-CORE-SA-2025-013: Unverified Password Change for Backend Users

Categories: Development, TYPO3 CMS

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is susceptible to security misconfiguration.
Read more
Tue. 20th May, 2025
TYPO3-CORE-SA-2025-012: Server-Side Request Forgery via Webhooks

Categories: Development, TYPO3 CMS

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is susceptible to server side request forgery..
Read more
Tue. 20th May, 2025
TYPO3-CORE-SA-2025-011: Information Disclosure via DBAL Restriction Handling

Categories: Development, TYPO3 CMS

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is susceptible to information disclosure.
Read more
Tue. 18th March, 2025
TYPO3-EXT-SA-2025-003: Multiple vulnerabilities in extension “[clickstorm] SEO” (cs_seo)

Categories: Development

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "[clickstorm] SEO" (cs_seo) is susceptible to Cross-Site Scripting and Insecure Direct Object Reference.
Read more
Tue. 18th March, 2025
TYPO3-EXT-SA-2025-002: Cross-Site Scripting in extension “Additional TCA” (additional_tca)

Categories: Development

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension “Additional TCA” (additional_tca) is susceptible to Cross-Site Scripting.
Read more
Tue. 28th January, 2025
TYPO3-EXT-SA-2025-001: Account Takeover in extension "OpenID Connect Authentication" (oidc)

Categories: Development

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "OpenID Connect Authentication" (oidc) is susceptible to Account Takeover.
Read more
Tue. 14th January, 2025
TYPO3-CORE-SA-2025-010: Cross-Site Request Forgery in DB Check Module

Categories: Development, TYPO3 CMS

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is susceptible to cross-site request forgery.
Read more
Tue. 14th January, 2025
TYPO3-CORE-SA-2025-009: Cross-Site Request Forgery in Scheduler Module

Categories: Development, TYPO3 CMS

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is susceptible to cross-site request forgery.
Read more

Security Advisories

TYPO3-CORE-SA-2025-015: Broken Authentication in Backend MFA

TYPO3-CORE-SA-2025-014: Unrestricted File Upload in File Abstraction Layer

TYPO3-CORE-SA-2025-013: Unverified Password Change for Backend Users

TYPO3-CORE-SA-2025-012: Server-Side Request Forgery via Webhooks

TYPO3-CORE-SA-2025-011: Information Disclosure via DBAL Restriction Handling

TYPO3-EXT-SA-2025-003: Multiple vulnerabilities in extension “[clickstorm] SEO” (cs_seo)

TYPO3-EXT-SA-2025-002: Cross-Site Scripting in extension “Additional TCA” (additional_tca)

TYPO3-EXT-SA-2025-001: Account Takeover in extension "OpenID Connect Authentication" (oidc)

TYPO3-CORE-SA-2025-010: Cross-Site Request Forgery in DB Check Module

TYPO3-CORE-SA-2025-009: Cross-Site Request Forgery in Scheduler Module

Information

Downloads

Community

Popular links

Professional Content Management

Inspire people to share

A Community Effort

Do you have a question?

Security Advisories

Information

Downloads

Community

Popular links