Security Advisories
All Advisories
TYPO3-EXT-SA-2016-009: Multiple vulnerabilities in extension "Ajax mail subscription" (ods_ajaxmailsubscription)
It has been discovered that the extension "Ajax mail subscription" (ods_ajaxmailsubscription) is susceptible to Insecure Authentication and Session…
TYPO3-EXT-SA-2016-008: SQL Injection in extension "Another simple gallery" (chgallery)
It has been discovered that the extension "Another simple gallery" (chgallery) is susceptible to SQL Injection.
TYPO3-EXT-SA-2016-007: Multiple vulnerabilities in extension phpMyAdmin (phpmyadmin)
It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to unsafe comparison of XSRF/CSRF token, multiple full path…
TYPO3-EXT-SA-2016-006: Cross-Site Scripting in extension "Apache Solr for TYPO3" (solr)
It has been discovered that the extension "Apache Solr for TYPO3" (solr) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2016-005: Cross-Site Scripting in extension "Extension Kickstarter" (kickstarter)
It has been discovered that the extension "Extension Kickstarter" (kickstarter) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2016-004: Multiple vulnerabilities in extension "Fe user statistic" (festat)
It has been discovered that the extension "Fe user statistic" (festat) is susceptible to Cross-Site Scripting, Insecure Unserialize and Information…
TYPO3-EXT-SA-2016-003: Cross-Site Scripting in extension "Google Sitemap" (enter_new_weeaar_googlesitemap)
It has been discovered that the extension "Google Sitemap" (enter_new_weeaar_googlesitemap) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2016-002: Cross-Site Scripting in extension "List frontend users" (listfeusers)
It has been discovered that the extension "List frontend users" (listfeusers) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2016-001: Information Disclosure in extension "UTOPIA" (ics_utopia)
It has been discovered that the extension "UTOPIA" (ics_utopia) is susceptible to Information Disclosure.
TYPO3-CORE-SA-2016-008: Denial of Service attack possibility in TYPO3 component Indexed Search
It has been discovered, that TYPO3 is susceptible to a Denial of Service attack.
TYPO3-CORE-SA-2016-007: Cross-Site Scripting in TYPO3 component CSS styled content
It has been discovered, that TYPO3 is susceptible to Cross-Site Scripting.
TYPO3-CORE-SA-2016-006: Cross-Site Scripting in TYPO3 component Backend
It has been discovered, that TYPO3 is susceptible to Cross-Site Scripting.
TYPO3-CORE-SA-2016-005: XML External Entity (XXE) Processing in TYPO3 Core
It has been discovered, that TYPO3 is susceptible to XML External Entity Processing
TYPO3-CORE-SA-2016-004: Cross-Site Scripting in form component
It has been discovered, that TYPO3 is susceptible to Cross-Site Scripting
TYPO3-CORE-SA-2016-003: Cross-Site Scripting in legacy form component
It has been discovered, that TYPO3 is susceptible to Cross-Site Scripting
TYPO3-CORE-SA-2016-002: Cross-Site Scripting in link validator component
It has been discovered, that TYPO3 is susceptible to Cross-Site Scripting
TYPO3-CORE-SA-2016-001: SQL Injection in dbal
It has been discovered, that TYPO3 is susceptible to SQL Injection
TYPO3-CORE-SA-2015-015: Cross-Site Scripting in TYPO3 component Indexed Search
It has been discovered, that TYPO3 is susceptible to Cross-Site Scripting
TYPO3-CORE-SA-2015-014: TYPO3 is susceptible to Cross-Site Flashing
It has been discovered, that TYPO3 is susceptible to Cross-Site Flashing
TYPO3-CORE-SA-2015-013: Multiple Cross-Site Scripting vulnerabilities in frontend
It has been discovered, that TYPO3 is susceptible to Cross-Site Scripting