Security Advisories
All Advisories
TYPO3-CORE-SA-2016-021: Cross-Site Scripting in TYPO3 Backend
It has been discovered that TYPO3 is vulnerable to Cross-Site Scripting.
TYPO3-EXT-SA-2016-022: Arbitrary Code Execution in extension "Frontend User Registration" (sf_register)
Release Date: September 12, 2016. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected…
TYPO3-EXT-SA-2016-021: Denial of Service in extension "Speaking URLs for TYPO3" (realurl)
It has been discovered that the extension "Speaking URLs for TYPO3" (realurl) is susceptible to Denial of Service.
TYPO3-CORE-SA-2016-020: Cross-Site Scripting in third party library mso/idna-convert
It has been discovered that TYPO3 ships example code of the mso/idna-convert library that is vulnerable to Cross-Site Scripting.
TYPO3-CORE-SA-2016-019: Environment Variable Injection
It has been discovered that PHP exposes the risk of Environment Variable Injection and TYPO3 is vulnerable through third party library…
TYPO3-CORE-SA-2016-018: Cross-Site Scripting vulnerability in typolinks
It has been discovered that TYPO3 is susceptible to Cross-Site Scripting.
TYPO3-CORE-SA-2016-017: Information Disclosure in TYPO3 Backend
It has been discovered that TYPO3 is susceptible to Information Disclosure.
TYPO3-CORE-SA-2016-016: SQL Injection in TYPO3 Frontend Login
It has been discovered that TYPO3 is susceptible to SQL Injection.
TYPO3-CORE-SA-2016-015: Insecure Unserialize in TYPO3 Import/Export
It has been discovered that TYPO3 is susceptible to Insecure Unserialize.
TYPO3-CORE-SA-2016-014: Cross-Site Scripting in TYPO3 Backend
It has been discovered that TYPO3 is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2016-020: Insecure Unserialize in extension "Page path" (pagepath)
It has been discovered that the extension "Page path" (pagepath) is susceptible to Insecure Unserialize.
TYPO3-EXT-SA-2016-019: Cross-Site Scripting in extension "CCDebug" (cc_debug)
It has been discovered that the extension "CCDebug" (cc_debug) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2016-018: Cross-Site Scripting in extension "Bootstrap Package" (bootstrap_package)
It has been discovered that the extension "Bootstrap Package" (bootstrap_package) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2016-017: Information Disclosure in "MMC directmail subscription" (mmc_directmail_subscription)
It has been discovered that the extension "MMC directmail subscription" (mmc_directmail_subscription) is susceptible to Information Disclosure.
TYPO3-EXT-SA-2016-016: Multiple vulnerabilities in extension "http:BL Blocking" (mh_httpbl)
It has been discovered that the extension "http:BL Blocking" (mh_httpbl) is susceptible to SQL Injection and Cross-Site Scripting.
TYPO3-EXT-SA-2016-015: Non-Persistent Cross-Site Scripting in extension "Static Methods since 2007" (div2007)
It has been discovered that the extension "Static Methods since 2007" (div2007) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2016-014: Information Disclosure in extension "Questionnaire" (ke_questionnaire)
It has been discovered that the extension "Questionnaire" (ke_questionnaire) is susceptible to Information Disclosure.
TYPO3-EXT-SA-2016-013: SQL Injection in extension "Browser - TYPO3 without PHP" (browser)
It has been discovered that the extension "Browser - TYPO3 without PHP" (browser) is susceptible to SQL Injection.
TYPO3-EXT-SA-2016-012: Path Traversal in extension "Media management" (media)
It has been discovered that the extension "Media management" (media) is susceptible to Path Traversal.
TYPO3-EXT-SA-2016-011: Cross-Site Scripting in extension "Formhandler" (formhandler)
It has been discovered that the extension "Formhandler" (formhandler) is susceptible to Cross-Site Scripting.