Security Advisories
All Advisories
TYPO3 Security Bulletin
It has been discovered that the extension Virtual Civil Services (civserv) is vulnerable to SQL-injections.
TYPO3 Security Bulletin
It has been discovered that the extension CWT Community (cwt_community) is vulnerable to SQL-injections.
Security issues in several third party TYPO3 extensions including civserv, cwt_community and ve_guestbook
Several vulnerabilities have been found in the following third party TYPO3 extensions: "Virtual Civil Services" (civserv), "Modern Guestbook /…
Multiple vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third party TYPO3 extensions: "A21glossary Advanced Output" (a21glossary_advanced_output),…
Information Disclosure in third party extension "Frontend User registration"
It has been discovered that the TYPO3 extension "Frontend User Registration" (sr_feuser_register) is susceptible to Information Disclosure.
Security issues in several third party TYPO3 extensions including sr_feuser_register
Several vulnerabilities have been found in the following third party TYPO3 extensions: "Frontend User Registration" (sr_feuser_register), "A21glossary…
Multiple vulnerabilities in TYPO3 third party extensions
Several vulnerabilities have been found in the following third party TYPO3 extensions: "Accessibility Glossary" (a21glossary), "Calendar Base" (cal),…
Several third party TYPO3 extensions contain security issues
Vulnerabilities have been found in the following third party TYPO3 extensions: "Accessibility Glossary" (a21glossary), "Calendar Base" (cal), "Flat…
Information Disclosure & XSS in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to Information Disclosure and Cross-Site Scripting.
Information Disclosure & XSS in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to Information Disclosure and Cross-Site Scripting.
Important Security-Bulletin Pre-Announcement
Serious security issue found in TYPO3 core.
XSS and SQL injection vulnerabilities in extension "phpMyAdmin" (phpmyadmin)
It has been discovered that the extension phpMyAdmin (phpmyadmin) is vulnerable to XSS and SQL injections.
Multiple security issues found in TYPO3 core
It has been discovered that TYPO3 Core is vulnerable to Broken Authentication and Session Management, Cross-Site Scripting, Insecure Randomness and…
Multiple vulnerabilities in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to Broken Authentication and Session Management, Cross-Site Scripting, Insecure Randomness and…
Security issues in several third party TYPO3 extensions
Security vulnerabilities have been discovered in the following third party TYPO3 extensions: "phpMyAdmin" (phpmyadmin), "DR Wiki - Typo3 Wiki…
TYPO3 Security Bulletin
Several vulnerabilities have been found in the following third party TYPO3 extensions: "Vox populi" (mv_vox_populi), "SB Universal Plugin"…
TYPO3 Security Bulletin
It has been discovered that the extension DR Wiki - Typo3 Wiki extension (dr_wiki) is vulnerable to Cross-Site Scripting (XSS).
TYPO3 Security Bulletin
It has been discovered that the extension WEC Discussion Forum (wec_discussion) is vulnerable to Cross-Site Scripting (XSS) and SQL injection.
TYPO3 Security Bulletin
It has been discovered that the extension phpMyAdmin (phpmyadmin) is vulnerable to SQL injections via XSRF.
Update on recent typo3.org issue
Dear user of typo3.org, after a while of (almost) non-stop activity by members of the security team as well as the core team and the folks from…