State of the Education

First, let me emphasize, that the Education Committee is a team of highly committed, professional and motivated members. And - all of them are working wholly voluntary and without any payment.…

Information Disclosure in Install Tool

Component Type: TYPO3 CMS Subcomponent: Install Tool (ext:install) Release Date: November 14, 2023 Vulnerability Type: Information Disclosure Affected Versions: 12.2.0-12.4.7 Severity: Low Suggested…

TYPO3 4.1.4 and 4.0.8

TYPO3 versions 4.1.4 and 4.0.8 are ready for download. They are maintenance releases of versions 4.0 and 4.1. Both versions contain only bugfixes and one low-severity security fix. The most notable…

AWS S3 typo3temp assets (tm_s3assets)

This extension rewrites typo3temp assets to an AWS S3 bucket url.

Show extension details Download ZIP of version 1.0.1

Extensions FAQ updated

No matter if you're just using extensions or are an extension developer yourself - at some point you might have a question because you're stuck. Before asking a developer or the TYPO3.org team…

General Assembly 2015

The General Assembly (GA) is the body with the highest authority within the Association. At this annual meeting many basic decisions are taken, online elections are approved and budget decisions by…

Introducing the TYPO3 Initiative Week (T3INIT19)

As recent news announced , further development of TYPO3 CMS will focus on development through initiatives . Initiatives consist of independently working teams, driving a specific research area or…

The Phoenix team reports on the Developer Days 2012

I personally feel that especially the transition between TYPO3 v4 (which is soon called v6) and FLOW3 / Phoenix really works out. At the overall Core Team Meeting before the T3DD, we recognized that…

CSV Code Injection

Component Type: 3rd party extensions (not being part of TYPO3 default installation) Release Date: July 20, 2021 Impact: CSV Code Injection Type: Advisory Problem Description CSV code injection is an…

KB Kickstarter (kb_kickstarter)

This extension allows you to easily kick start new tables for use in TYPO3. No need to edit tca.php, ext_tables.php or other weird stuff. Documentation currently on forge wiki:…

Show extension details Download ZIP of version 0.1.1

Secrets and Benefits of the TYPO3 Professional Service Listing (PSL)

Those accepted and included in the Professional Services Listing have proven to be highly professional TYPO3 agencies (big or small!) and are active participants in the TYPO3 universe. If you are not…

Submit your 2017 budget application

Mike is back! Still motivated and enthusiast to be part of a great Open Source community, Mike wants to further share his ideas and knowledge in 2017. Just like him, you can download the budget…

Information Disclosure in TYPO3 CMS

Component Type: TYPO3 CMS Release Date: September 5, 2017 Vulnerability Type: Information Disclosure Affected Versions: 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 Severity: Low Suggested CVSS v2.0:…

Cross-Site Scripting in Content Preview

Component Type: TYPO3 CMS Subcomponent: Content Preview Renderer (ext:backend) Release Date: March 16, 2021 Vulnerability Type: Cross-Site Scripting Affected Versions: 10.0.0-10.4.1, 11.0.0-11.1.0…

Cross-Site Scripting in Form Framework

Component Type: TYPO3 CMS Subcomponent: Form Framework (ext:form) Release Date: March 16, 2021 Vulnerability Type: Cross-Site Scripting Affected Versions: 10.2.0-10.4.13, 11.0.0-11.1.0 Severity:…

Cross-Site Scripting in Backend Modal Component

Component Type: TYPO3 CMS Vulnerable subcomponent: Backend modal component Release Date: December 11, 2018 Vulnerability Type: Cross-Site Scripting Affected Versions: 7.1.0-7.6.31, 8.5.0-8.7.20 and…

TYPO3 Security Bulletin

Component Type: Third Party Extension. This extension is third party code that has not been submitted to the TYPO3 extension review process yet. The extension is not part of TYPO3 default…

TYPO3 Summer of Code 2012 - it happens!

I wrote down some basic rules and a roadmap for the summer in the wiki on http://wiki.typo3.org/T3soc2012 . Now it's your turn to hand in a project proposal. We are really looking forward to it. Basic…

Cross-Site Scripting in extension "Extension Kickstarter" (kickstarter)

Release Date: March 03, 2016 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: version 0.5.3 and below Vulnerability Type:…

Cross-Site Scripting in TYPO3 component CSS styled content

Component Type: TYPO3 CMS Release Date: February 23, 2016 Vulnerable subcomponent: CSS styled content Vulnerability Type: Cross-Site Scripting Affected Versions: Versions 6.2.0 to 6.2.18 and 7.6.0 to…

Cross-Site Scripting in link validator component

Component Type: TYPO3 CMS Release Date: February 16, 2016 Vulnerable subcomponent: link validator Vulnerability Type: Cross-Site Scripting Affected Versions: Versions 6.2.0 to 6.2.17 and 7.6.0 to…

Steering Committee Strategical Meeting

Strategy Benni tells about the past User eXperience Week (T3UXW09) and how much work can be done during such a week. We will definitely repeat these 'code sprints'. We will keep aiming TYPO3 as “The…

Cross-Site Scripting in Form Engine

Component Type: TYPO3 CMS Subcomponent: Form Engine (ext:backend) Release Date: May 12, 2020 Vulnerability Type: Cross-Site Scripting Affected Versions: 9.0.0-9.5.16, 10.0.0-10.4.1 Severity: Medium…

Sensitive Data Exposure in extension "Job Fair" (jobfair)

Release Date: May 12, 2020 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Component: Job Fair (ext:jobfair) Vulnerability Type: Sensitive Data…

TYPO3 in the Cloud – User Group meets Microsoft

Topics of the meeting are TYPO3 in the cloud with Microsoft Azure and Platform.sh, the Microsoft Cloud Germany and the new Form Framework in TYPO3 8.5. Microsoft and open source Microsoft has…