Security Advisories
All Advisories
TYPO3-CORE-SA-2015-012: Cross-Site Scripting vulnerability in typolinks
It has been discovered, that TYPO3 is susceptible to Cross-Site Scripting
TYPO3-CORE-SA-2015-011: Multiple Cross-Site Scripting vulnerabilities in TYPO3 backend
It has been discovered, that TYPO3 is susceptible to Cross-Site Scripting
TYPO3-CORE-SA-2015-010: Cross-Site Scripting in TYPO3 component Extension Manager
It has been discovered, that TYPO3 is susceptible to Cross-Site Scripting
TYPO3-EXT-SA-2015-022: Arbitrary Code Execution in extension "MK Forms" (mkforms)
It has been discovered that the extension "MK Forms" (mkforms) is susceptible to Arbitrary Code Execution
TYPO3-EXT-SA-2015-021: SQL Injection in extension "http:BL Blocking" (mh_httpbl)
It has been discovered that the extension "http:BL Blocking" (mh_httpbl) is susceptible to SQL Injection.
TYPO3-EXT-SA-2015-020: Cross-Site Request Forgery in extension "Typo3 Quixplorer" (t3quixplorer)
It has been discovered that the extension "Typo3 Quixplorer" (t3quixplorer) is susceptible to Cross-Site Request Forgery.
TYPO3-EXT-SA-2015-019: File Disclosure in extension "Zend Framework Integration" (zend_framework)
It has been discovered that the extension "Zend Framework Integration" (zend_framework) is susceptible to File Disclosure.
TYPO3-EXT-SA-2015-018: Information Disclosure in extension "Adminer" (t3adminer)
It has been discovered that the extension "Adminer" (t3adminer) is susceptible to Information Disclosure.
TYPO3-EXT-SA-2015-017: Cross-Site Scripting in extension "News system" (news)
It has been discovered that the extension "News system" (news) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2015-016: Information Disclosure in extension "LDAP" (eu_ldap)
It has been discovered that the extension "LDAP" (eu_ldap) is susceptible to Information Disclosure.
TYPO3-CORE-SA-2015-009: Non-Persistent Cross-Site Scripting
It has been discovered, that TYPO3 is susceptible to Non-Persistent Cross-Site Scripting
TYPO3-CORE-SA-2015-008: Unauthenticated Path Disclosure
It has been discovered, that TYPO3 is susceptible to unauthenticated path disclosure.
TYPO3-CORE-SA-2015-002: Access bypass when editing file metadata
It has been discovered, that editors could change, create or delete metadata of files without permission.
TYPO3-CORE-SA-2015-003: Frontend login Session Fixation
It has been discovered that TYPO3 is susceptible to session fixation.
TYPO3-CORE-SA-2015-004: Cross-Site Scripting in Link Handling & File List
It has been discovered, that TYPO3 is vulnerable to Cross-Site Scripting.
TYPO3-CORE-SA-2015-005: Information Disclosure possibility exploitable by Editors
It has been discovered, that editors could list all files and folders in the root directory of a TYPO3 installation.
TYPO3-CORE-SA-2015-006: Brute Force Protection Bypass in backend login
It has been discovered, that the backend login brute force protection can be bypassed
TYPO3-CORE-SA-2015-007: Cross-Site Scripting in 3rd party library Flowplayer
It has been discovered, that third party component Flowplayer Flash is vulnerable to cross-site scripting.
TYPO3-EXT-SA-2015-015: Cross-Site Scripting in extension "404 Page not found handling" (pagenotfoundhandling)
It has been discovered that the extension "404 Page not found handling" (pagenotfoundhandling) is susceptible to Cross-Site Scripting
TYPO3-EXT-SA-2015-014: SQL Injection in extension "Akronymmanager" (sb_akronymmanager)
It has been discovered that the extension "Akronymmanager" (sb_akronymmanager) is susceptible to SQL Injection