It has been discovered that the extension "Embedding schema.org vocabulary" (schema) is susceptible to Cross-Site Scripting.

It has been discovered that the extension "Matomo Integration" (matomo_integration) is susceptible to Cross-Site Scripting.

It has been discovered that the extension "libconnect" (libconnect) is susceptible to Cross-Site Scripting.

It has been discovered that the extension "Grid Elements" (gridelements) is susceptible to Cross-Site Scripting.

It has been discovered that the extension "Adminer" (t3adminer) is susceptible to Server-side request forgery and Cross-Site Scripting.

It has been discovered that the extension "One is Enough Library" (oelib) is susceptible to SQL Injection.

It has been discovered that the extension "Seminar Manager" (seminars) is susceptible to SQL Injection.

It has been discovered that the extension "Job portal" (psvneo_jobfair) is susceptible to Remote Code Execution.

Third-party package enshrined/svg-sanitize, used by TYPO3 core packages, was susceptible to bypassing the sanitization strategy.

It has been discovered that the extension "Hardcoded text to Locallang" (mqk_locallangtools) is susceptible to File Content Injection.