-
TYPO3-EXT-SA-2022-003: Insecure direct object reference in extension "Varnishcache" (varnishcache)
Categories: Development, Security
Advisory type: TYPO3 Extensions
It has been discovered that the extension "Varnishcache" (varnishcache) is susceptible to Insecure direct object reference.
-
TYPO3-EXT-SA-2022-002: Cross-Site Scripting in extension "Bookdatabase" (extbookdatabase)
Categories: Development, Security
Advisory type: TYPO3 Extensions
It has been discovered that the extension "Bookdatabase" (extbookdatabase) is susceptible to Cross-Site Scripting.
-
TYPO3-EXT-SA-2022-001: Server-side request forgery in extension "Kitodo.Presentation" (dlf)
Categories: Development, Security
Advisory type: TYPO3 Extensions
It has been discovered that the extension "Kitodo.Presentation" (dlf) is susceptible to Server-side request forgery.
-
TYPO3-PSA-2021-004: Statement on Recent log4j/log4shell Vulnerabilities (CVE-2021-44228)
Categories: Development, Security, TYPO3 CMS
Advisory type: Public Service Announcements
Components of TYPO3 CMS are based on PHP and are therefore not directly affected by the recent log4j vulnerabilities. However, additional services…
-
TYPO3-PSA-2021-003: Mitigation of Cache Poisoning Caused by Untrusted URL Query Parameters
Categories: Development, Security, TYPO3 CMS
Advisory type: Public Service Announcements
It has been discovered that TYPO3 CMS is susceptible to cache poisoning.
-
TYPO3-EXT-SA-2021-018: Sensitive Data Exposure in extension "Job Fair" (jobfair)
Categories: Development, Security
Advisory type: TYPO3 Extensions
It has been discovered that the extension "Job Fair" (jobfair) is susceptible to Sensitive Data Exposure.
-
TYPO3-EXT-SA-2021-017: Multiple vulnerabilities in extension "pixx.io integration for TYPO3 (DAM)" (pixxio)
Categories: Development, Security
Advisory type: TYPO3 Extensions
It has been discovered that the extension "pixx.io integration for TYPO3 (DAM)" (pixxio) is susceptible to Server-side request forgery, Remote Code…
-
TYPO3-EXT-SA-2021-016: Denial of Service in extension "Code Highlight" (codehighlight)
Categories: Development, Security
Advisory type: TYPO3 Extensions
It has been discovered that the extension "Code Highlight" (codehighlight) is susceptible to Denial of Service.
-
TYPO3-EXT-SA-2021-015: Cross-Site Scripting in extension "Google for Jobs" (google_for_jobs)
Categories: Development, Security
Advisory type: TYPO3 Extensions
It has been discovered that the extension "Google for Jobs" (google_for_jobs) is susceptible to Cross-Site Scripting.
-
TYPO3-CORE-SA-2021-015: HTTP Host Header Injection in Request Handling
Categories: Development, Security
Advisory type: TYPO3 CMS
It has been discovered that TYPO3 CMS is vulnerable to HTTP header injection.