Security Advisories

TYPO3-CORE-SA-2020-006: Same-Origin Request Forgery to Backend User Interface

12.05.2020

It has been discovered that TYPO3 CMS is vulnerable to same-origin request forgery.

TYPO3-CORE-SA-2020-005: Insecure Deserialization in Backend User Settings

12.05.2020

It has been discovered that TYPO3 CMS is vulnerable to insecure deserialization.

TYPO3-EXT-SA-2020-008: Cross-Site Scripting in "SVG Sanitizer" (svg_sanitizer)

12.05.2020

It has been discovered that the extension "SVG Sanitizer" (svg_sanitizer) is vulnerable to Cross-Site Scripting.

TYPO3-CORE-SA-2020-004: Class destructors causing side-effects when being unserialized

12.05.2020

It has been discovered that TYPO3 CMS is vulnerable to insecure deserialization.

TYPO3-CORE-SA-2020-003: Cross-Site Scripting in Link Handling

12.05.2020

It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.

TYPO3-EXT-SA-2020-007: Sensitive Data Exposure in extension "Job Fair" (jobfair)

12.05.2020

It has been discovered that the extension "Job Fair" (jobfair) is susceptible to Sensitive Data Exposure.

TYPO3-CORE-SA-2020-002: Cross-Site Scripting in Form Engine

12.05.2020

It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.

TYPO3-EXT-SA-2020-006: Broken Access Control in extension "gForum" (g_forum)

12.05.2020

It has been discovered that the extension "gForum" (g_forum) is susceptible to Broken Access Control.

TYPO3-CORE-SA-2020-001: Information Disclosure in Password Reset

12.05.2020

It has been discovered that TYPO3 CMS is susceptible to information disclosure.

TYPO3-EXT-SA-2020-005: Multiple vulnerabilities in extension "Direct Mail" (direct_mail)

12.05.2020

It has been discovered that the extension "Direct Mail" (direct_mail) is susceptible to Denial of Service, Broken Access Control, Open Redirect and…

TYPO3-EXT-SA-2020-004: SQL Injection in extension "phpMyAdmin" (phpmyadmin)

12.05.2020

It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to SQL Injection.

TYPO3-EXT-SA-2020-003: Multiple vulnerabilities in extension "Magalone Flipbook for TYPO3" (magaloneflipbook)

10.03.2020

It has been discovered that the extension "Magalone Flipbook for TYPO3" (magaloneflipbook) is susceptible to Remote Code Execution, Arbitrary File…

TYPO3-EXT-SA-2020-002: Remote Code Execution in extension "PHPUnit" (phpunit)

10.03.2020

It has been discovered that the extension "PHPUnit" (phpunit) is susceptible to Remote Code Execution.

TYPO3-EXT-SA-2020-001: SQL Injection in extension "phpmyadmin" (phpmyadmin)

10.03.2020

It has been discovered that the extension "phpmyadmin" (phpmyadmin) is susceptible to SQL Injection.

TYPO3-EXT-SA-2019-023: CSRF in extension "femanager" (femanager)

17.12.2019

It has been discovered that the extension "femanager" (femanager) is susceptible to Cross-Site-Request-Forgery (CSRF).

TYPO3-EXT-SA-2019-022: Privilege Escalation in extension "femanager direct mail subscription" (femanager_dmail_subscribe)

17.12.2019

It has been discovered that the extension "femanager direct mail subscription" (femanager_dmail_subscribe) is susceptible to Privilege Escalation.

All Advisories

TYPO3-CORE-SA-2020-006: Same-Origin Request Forgery to Backend User Interface

TYPO3-CORE-SA-2020-005: Insecure Deserialization in Backend User Settings

TYPO3-EXT-SA-2020-008: Cross-Site Scripting in "SVG Sanitizer" (svg_sanitizer)

TYPO3-CORE-SA-2020-004: Class destructors causing side-effects when being unserialized

TYPO3-CORE-SA-2020-003: Cross-Site Scripting in Link Handling

TYPO3-EXT-SA-2020-007: Sensitive Data Exposure in extension "Job Fair" (jobfair)

TYPO3-CORE-SA-2020-002: Cross-Site Scripting in Form Engine

TYPO3-EXT-SA-2020-006: Broken Access Control in extension "gForum" (g_forum)

TYPO3-CORE-SA-2020-001: Information Disclosure in Password Reset

TYPO3-EXT-SA-2020-005: Multiple vulnerabilities in extension "Direct Mail" (direct_mail)

TYPO3-EXT-SA-2020-004: SQL Injection in extension "phpMyAdmin" (phpmyadmin)

TYPO3-EXT-SA-2020-003: Multiple vulnerabilities in extension "Magalone Flipbook for TYPO3" (magaloneflipbook)

TYPO3-EXT-SA-2020-002: Remote Code Execution in extension "PHPUnit" (phpunit)

TYPO3-EXT-SA-2020-001: SQL Injection in extension "phpmyadmin" (phpmyadmin)

TYPO3-EXT-SA-2019-023: CSRF in extension "femanager" (femanager)

TYPO3-EXT-SA-2019-022: Privilege Escalation in extension "femanager direct mail subscription" (femanager_dmail_subscribe)

TYPO3-EXT-SA-2019-021: Cross Site Scripting in extension "File List" (file_list)

TYPO3-EXT-SA-2019-020: CSRF in extension "Change password for frontend users" (fe_change_pwd)

TYPO3-EXT-SA-2019-019: Multiple vulnerabilities in extension "MKSamlAuth" (mksamlauth)

TYPO3-CORE-SA-2019-026: Insecure Deserialization in Query Generator & Query View