-
TYPO3-PSA-2020-003: Mitigation of Cross-Site Scripting Vulnerabilities in File Upload Handling
Categories: Development, TYPO3 CMSAdvisory type: Public Service AnnouncementsRead moreRepeating and refining public service announcement TYPO3-PSA-2019-010.
-
TYPO3-PSA-2020-002: Protecting Install Tool with Sudo Mode
Categories: Development, TYPO3 CMSAdvisory type: Public Service AnnouncementsRead moreAccessing Install Tool via TYPO3 Backend requires password verification - known as Sudo Mode.
-
TYPO3-CORE-SA-2020-012: XML External Entity in Dashboard Widget
Categories: Development, TYPO3 CMSAdvisory type: TYPO3 CMSRead moreIt has been discovered that TYPO3 CMS is susceptible to XML external entity processing.
-
TYPO3-CORE-SA-2020-011: Cleartext storage of session identifier
Categories: Development, TYPO3 CMSAdvisory type: TYPO3 CMSRead moreIt has been discovered that TYPO3 CMS is susceptible to sensitive data exposure.
-
TYPO3-CORE-SA-2020-010: Cross-Site Scripting in Fluid view helpers
Categories: Development, TYPO3 CMSAdvisory type: TYPO3 CMSRead moreIt has been discovered that TYPO3 CMS is vulnerable to cross-site scripting..
-
TYPO3-CORE-SA-2020-009: Cross-Site Scripting through Fluid view helper arguments
Categories: Development, TYPO3 CMSAdvisory type: TYPO3 CMSRead moreIt has been discovered that the Fluid Engine is vulnerable to cross-site scripting.
-
TYPO3-EXT-SA-2020-020: Denial of Service in extension "Authenticator" (defbu_authenticator)
Categories: Development, SecurityAdvisory type: TYPO3 ExtensionsRead moreIt has been discovered that the extension "Authenticator" (defbu_authenticator) is susceptible to Denial of Service.
-
TYPO3-EXT-SA-2020-019: Sensitive Data Exposure in extension "View frontend statistics" (view_statistics)
Categories: Development, SecurityAdvisory type: TYPO3 ExtensionsRead moreIt has been discovered that the extension "View frontend statistics" (view_statistics) is susceptible to Sensitive Data Exposure.
-
TYPO3-EXT-SA-2020-018: Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)
Categories: Development, SecurityAdvisory type: TYPO3 ExtensionsRead moreIt has been discovered that the extension "phpmyadmin" (phpmyadmin) is susceptible to SQL Injection and Cross-Site Scripting.
-
TYPO3-EXT-SA-2020-017: Multiple vulnerabilities in extension "Event management and registration" (sf_event_mgt)
Categories: Development, SecurityAdvisory type: TYPO3 ExtensionsRead moreIt has been discovered that the extension "Event management and registration" (sf_event_mgt) is susceptible to Information Disclosure and Broken…