-
TYPO3-CORE-SA-2018-007: Cross-Site Scripting in Backend Modal Component
Categories: DevelopmentAdvisory type: TYPO3 CMSRead moreIt has been discovered, that TYPO3 CMS is vulnerable to cross-site scripting.
-
TYPO3-CORE-SA-2018-006: Cross-Site Scripting in Online Media Asset Rendering
Categories: DevelopmentAdvisory type: TYPO3 CMSRead moreIt has been discovered, that TYPO3 CMS is vulnerable to cross-site scripting.
-
TYPO3-CORE-SA-2018-005: Cross-Site Scripting in CKEditor
Categories: DevelopmentAdvisory type: TYPO3 CMSRead moreIt has been discovered, that TYPO3 CMS is vulnerable to cross-site scripting.
-
TYPO3-PSA-2018-002: Web Resource Restrictions
Categories: DevelopmentAdvisory type: Public Service AnnouncementsRead moreIt has been discovered that development related information can be retrieved by regular HTTP GET requests on NGINX web server environments missing…
-
TYPO3-EXT-SA-2018-010: Cross-Site Scripting in extension "libconnect" (libconnect)
Categories: DevelopmentAdvisory type: TYPO3 ExtensionsRead moreIt has been discovered that the extension "libconnect" (libconnect) is susceptible to Cross-Site Scripting.
-
TYPO3-PSA-2018-001: By-passing Protection of PharStreamWrapper Interceptor
Categories: DevelopmentAdvisory type: Public Service AnnouncementsRead moreIt has been discovered that the protection against insecure deserialization can be by-passed in PharStreamWrapper component.
-
TYPO3-EXT-SA-2018-009: Information Disclosure in extension "TemplaVoilà! Plus" (templavoilaplus)
Categories: SecurityAdvisory type: TYPO3 ExtensionsRead moreIt has been discovered that the extension "TemplaVoilà! Plus" (templavoilaplus) is susceptible to Information Disclosure.
-
TYPO3-EXT-SA-2018-008: Cross-Site Scripting in extension "Frontend Treeview" (mh_treeview)
Categories: SecurityAdvisory type: TYPO3 ExtensionsRead moreIt has been discovered that the extension "Frontend Treeview" (mh_treeview) is susceptible to Cross-Site Scripting.
-
TYPO3-EXT-SA-2018-007: Environment Variable Injection in extension "Amazon Web Services SDK " (aws_sdk)
Categories: SecurityAdvisory type: TYPO3 ExtensionsRead moreIt has been discovered that the extension "Amazon Web Services SDK " (aws_sdk) is susceptible to Environment Variable Injection.
-
TYPO3-EXT-SA-2018-006: Captcha bypass in extension "Front End User Registration" (sr_feuser_register)
Categories: SecurityAdvisory type: TYPO3 ExtensionsRead moreIt has been discovered that the extension "Front End User Registration" (sr_feuser_register) is susceptible to Captcha bypass.