Security Bulletins:

It has been discovered that the TYPO3 prepared statement database API allows SQL Injections.

It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting (XSS), Information Disclosure, Authentication Delay Bypass, Unserialize()…

It has been discovered that TYPO3 Core is vulnerable to Arbitrary Code Execution, Path Traversal, Cross-Site Scripting (XSS), SQL injection and…

It has been discovered that TYPO3 Core is vulnerable to Remote File Disclosure, Cross-Site Scripting (XSS), Privilege Escalation and Denial of…

It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting (XSS), Open Redirection, SQL Injection, Broken Authentication and Session…

A problem has been discovered with indexed search being vulnerable to Cross-Site-Scripting (XSS)