Security Bulletins for TYPO3 Extensions

Tue. 22nd July, 2025

TYPO3-EXT-SA-2025-010: Insecure Direct Object Reference in extension "femanager" (femanager)

Categories: Development

Advisory type: TYPO3 Extensions

Created by Torben Hansen

It has been discovered that the extension "femanager" (femanager) is susceptible to Insecure Direct Object Reference.

Tue. 22nd July, 2025

TYPO3-EXT-SA-2025-009: Insecure Direct Object Reference in extension "powermail" (powermail)

Categories: Development

Advisory type: TYPO3 Extensions

Created by Torben Hansen

It has been discovered that the extension "powermail" (powermail) is susceptible to Insecure Direct Object Reference.

Tue. 20th May, 2025

TYPO3-EXT-SA-2025-008: Multiple vulnerabilities in extension "Front End User Registration" (sr_feuser_register)

Categories: Development

Advisory type: TYPO3 Extensions

Created by Elias Häußler

It has been discovered that the extension "Front End User Registration" (sr_feuser_register) is susceptible to Remote Code Execution and Insecure…

Tue. 20th May, 2025

TYPO3-EXT-SA-2025-007: Multiple vulnerabilities in extension "Backup Plus" (ns_backup)

Categories: Development

Advisory type: TYPO3 Extensions

Created by Elias Häußler

It has been discovered that the extension "Backup Plus" (ns_backup) is susceptible to Command Injection, Predictable Resource Location and Cross-Site…

Tue. 20th May, 2025

TYPO3-EXT-SA-2025-006: Insecure Direct Object Reference in extension "femanager" (femanager)

Categories: Development

Advisory type: TYPO3 Extensions

Created by Elias Häußler

It has been discovered that the extension "femanager" (femanager) is susceptible to Insecure Direct Object Reference.

Tue. 20th May, 2025

TYPO3-EXT-SA-2025-005: Cross-Site Scripting in extension "[clickstorm] SEO" (cs_seo)

Categories: Development

Advisory type: TYPO3 Extensions

Created by Elias Häußler

It has been discovered that the extension "[clickstorm] SEO" (cs_seo) is susceptible to Cross-Site Scripting.

Tue. 20th May, 2025

TYPO3-EXT-SA-2025-004: Insecure Direct Object Reference in extension "Download manager" (reint_downloadmanager)

Categories: Development

Advisory type: TYPO3 Extensions

Created by Elias Häußler

It has been discovered that the extension "Download manager" (reint_downloadmanager) is susceptible to Insecure Direct Object Reference.

Tue. 18th March, 2025

TYPO3-EXT-SA-2025-003: Multiple vulnerabilities in extension “[clickstorm] SEO” (cs_seo)

Categories: Development

Advisory type: TYPO3 Extensions

Created by Torben Hansen

It has been discovered that the extension "[clickstorm] SEO" (cs_seo) is susceptible to Cross-Site Scripting and Insecure Direct Object Reference.

Tue. 18th March, 2025

TYPO3-EXT-SA-2025-002: Cross-Site Scripting in extension “Additional TCA” (additional_tca)

Categories: Development

Advisory type: TYPO3 Extensions

Created by Torben Hansen

It has been discovered that the extension “Additional TCA” (additional_tca) is susceptible to Cross-Site Scripting.

Tue. 28th January, 2025

TYPO3-EXT-SA-2025-001: Account Takeover in extension "OpenID Connect Authentication" (oidc)

Categories: Development

Advisory type: TYPO3 Extensions

Created by Torben Hansen

It has been discovered that the extension "OpenID Connect Authentication" (oidc) is susceptible to Account Takeover.