Security Bulletins for TYPO3 Extensions

Wed. 22nd March, 2023

TYPO3-EXT-SA-2023-003: Cross-Site Scripting in extension "Fluid Components" (fluid_components)

Categories: Development, Security

Advisory type: TYPO3 Extensions

Created by Torben Hansen

It has been discovered that the extension "Fluid Components" (fluid_components) is susceptible to Cross-Site Scripting.

Tue. 21st February, 2023

TYPO3-EXT-SA-2023-002: Persisted Cross-Site Scripting in extension "Forms Export" (frp_form_answers)

Categories: Development, Security

Advisory type: TYPO3 Extensions

Created by Torben Hansen

It has been discovered that the extension "Forms Export" (frp_form_answers) is susceptible to Cross-Site Scripting.

Tue. 31st January, 2023

TYPO3-EXT-SA-2023-001: Broken Access Control in extension "femanager" (femanager)

Categories: Development, Security

Advisory type: TYPO3 Extensions

Created by Torben Hansen

It has been discovered that the extension "femanager" (femanager) is susceptible to Broken Access Control.

Tue. 13th December, 2022

TYPO3-EXT-SA-2022-018: Multiple vulnerabilities in extension "Master-Quiz" (fp_masterquiz)

Categories: Development, Security

Advisory type: TYPO3 Extensions

Created by Torben Hansen

It has been discovered that the extension "Master-Quiz" (fp_masterquiz) is susceptible to Information Disclosure and Broken Access Control.

Tue. 13th December, 2022

TYPO3-EXT-SA-2022-017: Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter)

Categories: Development, Security

Advisory type: TYPO3 Extensions

Created by Torben Hansen

It has been discovered that the extension "Newsletter subscriber management" (fp_newsletter) is susceptible to Information Disclosure and Broken…

Tue. 13th December, 2022

TYPO3-EXT-SA-2022-016: Insufficient Session Expiration after Password Change in extension "Change password for frontend users" (fe_change_pwd)

Categories: Development, Security

Advisory type: TYPO3 Extensions

Created by Torben Hansen

It has been discovered that the extension "Change password for frontend users" (fe_change_pwd) is susceptible to insufficient session expiration.

Wed. 2nd November, 2022

TYPO3-EXT-SA-2022-015: Broken Access Control in extension "femanager" (femanager)

Categories: Development, Security

Advisory type: TYPO3 Extensions

Created by Torben Hansen

It has been discovered that the extension "femanager" (femanager) is susceptible to Broken Access Control.

Tue. 12th July, 2022

TYPO3-EXT-SA-2022-014: SQL Injection in extension "LUX - TYPO3 Marketing Automation" (lux)

Categories: Development, Security

Advisory type: TYPO3 Extensions

Created by Torben Hansen

It has been discovered that the extension "LUX - TYPO3 Marketing Automation" (lux) is susceptible to SQL Injection.

Tue. 14th June, 2022

TYPO3-EXT-SA-2022-013: Cross-Site Scripting in extension "AMEOS - TarteAuCitron (GDPR cookie banner and tracking management / French RGPD compatible)" (ameos_tarteaucitron)

Categories: Development, Security

Advisory type: TYPO3 Extensions

Created by Torben Hansen

It has been discovered that the extension "AMEOS - TarteAuCitron (GDPR cookie banner and tracking management / French RGPD compatible)"…

Tue. 14th June, 2022

TYPO3-EXT-SA-2022-012: Cross-Site Scripting in extension "Embedding schema.org vocabulary" (schema)

Categories: Development, Security

Advisory type: TYPO3 Extensions

Created by Torben Hansen

It has been discovered that the extension "Embedding schema.org vocabulary" (schema) is susceptible to Cross-Site Scripting.