Security Advisories
All Advisories
TYPO3-EXT-SA-2013-012: Several vulnerabilities in extension Formhandler (formhandler)
It has been discovered that the extension "Formhandler" (Formhandler) is vulnerable to SQL-Injection, Arbitrary Code Execution and Authentication…
TYPO3-EXT-SA-2013-011: Cross-Site Scripting vulnerability in extension Front End User Registration (sr_feuser_register)
It has been discovered that the extension "Front End User Registration" (sr_feuser_register) is vulnerable to Cross-Site Scripting.
TYPO3-CORE-SA-2013-002: Cross-Site Scripting and Remote Code Execution Vulnerability in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting and Remote Code Execution
TYPO3-EXT-SA-2013-010: SQL Injection vulnerability in extension Multishop (multishop)
It has been discovered that the extension "Multishop" (multishop) is vulnerable to SQL-Injection.
TYPO3-EXT-SA-2013-007: Several vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third-party TYPO3 extensions: accessible_is_browse_results, maag_formcaptcha, meta_feedit,…
TYPO3-EXT-SA-2013-006: Security Bypass Vulnerability in extension powermail (powermail)
It has been discovered that the extension "powermail" (powermail) is susceptible to Security Bypass Vulnerability.
TYPO3-CORE-SA-2013-001: SQL Injection and Open Redirection in TYPO3 Core
It has been discovered that TYPO3 Core is susceptible to SQL Injection and Open Redirection
TYPO3-EXT-SA-2013-005: Several vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third-party TYPO3 extensions: fed, myquizpoll, push2rss_3ds, slideshare, wec_discussion
TYPO3-EXT-SA-2013-004: Cross-Site Scripting vulnerability in extension Static Info Tables (static_info_tables)
It has been discovered that the extension "Static Info Tables" (static_info_tables) is vulnerable to Cross-Site Scripting.
TYPO3-EXT-SA-2013-003: SQL Injection vulnerability in extension CoolURI (cooluri)
It has been discovered that the extension "CoolURI" (cooluri) is vulnerable to SQL Injection.
TYPO3-EXT-SA-2013-002: Several vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third-party TYPO3 extensions: attacalendar, attacpetition, eu_subscribe, exinit_job_offer,…
TYPO3-EXT-SA-2013-001: Several vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third-party TYPO3 extensions: news, onetimeaccount, phpunit, div2007, t3mootools, t3jquery,…
TYPO3-EXT-SA-2012-013: Several Vulnerabilities in extension commerce (commerce)
It has been discovered that the extension commerce (commerce) is vulnerable to Cross Site Scripting.
TYPO3-CORE-SA-2012-005: Several Vulnerabilities in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to SQL Injection, Information Disclosure and Cross-Site Scripting
TYPO3-EXT-SA-2012-012: Several Vulnerabilities in extension Formhandler (formhandler)
It has been discovered that the extension Formhandler (formhandler) is vulnerable to SQL-Injection and Cross-Site Scripting.
TYPO3-CORE-SA-2012-004: Several Vulnerabilities in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting, Information Disclosure, Insecure Unserialize leading to Arbitrary Code…
TYPO3-EXT-SA-2012-011: Cross-site scripting vulnerability in extension powermail for TYPO3 (powermail)
It has been discovered that the extension "powermail" (powermail) is vulnerable to Cross-Site Scripting, SQL Injection and Arbitrary Code Execution.
TYPO3-CORE-SA-2012-003: Cross-Site Scripting Vulnerability in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting.
TYPO3-EXT-SA-2012-010: Cross-site scripting vulnerability in extension Seminars (seminars)
It has been discovered that the extension "Seminars" (seminars) is vulnerable to cross-site scripting.
TYPO3-EXT-SA-2012-009: Cross-site scripting vulnerability in extension powermail for TYPO3 (powermail)
It has been discovered that the extension "powermail" (powermail) is vulnerable to cross-site scripting.