Security Advisories
All Advisories
TYPO3-EXT-SA-2017-010: Cross Site-Scripting in extension "Recommend page" (pb_recommend_page)
It has been discovered that the extension "Recommend page" (pb_recommend_page) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2017-009: Cross Site-Scripting in extension "T3Blog Extbase" (t3extblog)
It has been discovered that the extension "T3Blog Extbase" (t3extblog) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2017-008: Multiple vulnerabilities in extension "File manager" (ameos_filemanager)
It has been discovered that the extension "File manager" (ameos_filemanager) is susceptible to Remote Code Execution, SQL Injection and Information…
TYPO3-PSA-2017-001: Privilege Escalation in Extension Repository (TER)
It has been discovered that the TYPO3 Extension Repository (TER) is vulnerable to privilege escalation.
TYPO3-CORE-SA-2017-007: Arbitrary Code Execution in TYPO3 CMS
It has been discovered that TYPO3 CMS is vulnerable to Arbitrary Code Execution.
TYPO3-CORE-SA-2017-005: Information Disclosure in TYPO3 CMS
It has been discovered that TYPO3 CMS is susceptible to Information Disclosure.
TYPO3-CORE-SA-2017-006: Information Disclosure in TYPO3 CMS
It has been discovered that TYPO3 CMS is susceptible to Information Disclosure.
TYPO3-CORE-SA-2017-004: Cross-Site Scripting in TYPO3 CMS Backend
It has been discovered that TYPO3 CMS is vulnerable to Cross-Site Scripting.
TYPO3-EXT-SA-2017-003: SQL Injection in extension "Faceted Search" (ke_search)
It has been discovered that the extension "Faceted Search" (ke_search) is susceptible to SQL Injection.
TYPO3-EXT-SA-2017-004: Remote Code Execution in extension "Maag Sendmail" (maag_sendmail)
It has been discovered that the extension "Maag Sendmail" (maag_sendmail) is susceptible to Remote Code Execution.
TYPO3-EXT-SA-2017-005: Remote Code Execution in extension "AH Sendmail" (ah_sendmail)
It has been discovered that the extension "AH Sendmail" (ah_sendmail) is susceptible to Remote Code Execution.
TYPO3-EXT-SA-2017-006: Remote Code Execution in extension "PHPMailer" (bb_phpmailer)
It has been discovered that the extension "PHPMailer" (bb_phpmailer) is susceptible to Remote Code Execution.
TYPO3-EXT-SA-2017-007: SQL Injection in extension "Content Rating Extbase" (content_rating_extbase)
It has been discovered that the extension "Content Rating Extbase" (content_rating_extbase) is susceptible to SQL Injection.
TYPO3-EXT-SA-2017-002: SQL Injection in extension "Event management and registration" (sf_event_mgt)
It has been discovered that the extension "Event management and registration" (sf_event_mgt) is susceptible to SQL Injection.
TYPO3-EXT-SA-2017-001: SQL Injection in extension "News system" (news)
It has been discovered that the extension "News system" (news) is susceptible to SQL Injection.
TYPO3-CORE-SA-2017-003: Cross-Site Scripting in TYPO3 CMS
It has been discovered that TYPO3 is vulnerable to Cross-Site Scripting.
TYPO3-CORE-SA-2017-002: Authentication Bypass in TYPO3 Frontend
It has been discovered that TYPO3 CMS is vulnerable to Authentication Bypass.
TYPO3-CORE-SA-2017-001: Remote Code Execution in third party library swiftmailer
It has been discovered that the third-party package swiftmailer/swiftmailer is vulnerable to Remote Code Execution.
TYPO3-CORE-SA-2016-024: Path Traversal in TYPO3 Core
It has been discovered that TYPO3 is susceptible to Path Traversal.
TYPO3-CORE-SA-2016-023: Insecure Unserialize in TYPO3 Backend
It has been discovered that TYPO3 is susceptible to Insecure Unserialize.