Security Bulletins:

TYPO3 CMS

Tue. 16th March, 2021
TYPO3-CORE-SA-2021-002: Unrestricted File Upload in Form Framework

Categories: Development, TYPO3 CMS

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is vulnerable to unrestricted file upload.
Read more
Tue. 16th March, 2021
TYPO3-CORE-SA-2021-001: Open Redirection in Login Handling

Categories: Development, TYPO3 CMS

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is susceptible to open redirection.
Read more
Tue. 17th November, 2020
TYPO3-CORE-SA-2020-012: XML External Entity in Dashboard Widget

Categories: Development, TYPO3 CMS

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is susceptible to XML external entity processing.
Read more
Tue. 17th November, 2020
TYPO3-CORE-SA-2020-011: Cleartext storage of session identifier

Categories: Development, TYPO3 CMS

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is susceptible to sensitive data exposure.
Read more
Tue. 17th November, 2020
TYPO3-CORE-SA-2020-010: Cross-Site Scripting in Fluid view helpers

Categories: Development, TYPO3 CMS

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting..
Read more
Tue. 17th November, 2020
TYPO3-CORE-SA-2020-009: Cross-Site Scripting through Fluid view helper arguments

Categories: Development, TYPO3 CMS

Advisory type: TYPO3 CMS
Created by Claus Due

It has been discovered that the Fluid Engine is vulnerable to cross-site scripting.
Read more
Tue. 28th July, 2020
TYPO3-CORE-SA-2020-008: Sensitive Information Disclosure

Categories: Development

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is susceptible to sensitive information disclosure.
Read more
Tue. 28th July, 2020
TYPO3-CORE-SA-2020-007: Potential Privilege Escalation

Categories: Development

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is susceptible to privilege escalation.
Read more
Tue. 12th May, 2020
TYPO3-CORE-SA-2020-006: Same-Origin Request Forgery to Backend User Interface

Categories: Development

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is vulnerable to same-origin request forgery.
Read more
Tue. 12th May, 2020
TYPO3-CORE-SA-2020-005: Insecure Deserialization in Backend User Settings

Categories: Development

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is vulnerable to insecure deserialization.
Read more