Security Advisories
TYPO3-SA-2009-015: XSS and SQL injection vulnerabilities in extension "phpMyAdmin" (phpmyadmin)
It has been discovered that the extension phpMyAdmin (phpmyadmin) is vulnerable to XSS and SQL injections.
MULTIPLE-SECURITY-ISSUES-FOUND-IN-TYPO3-CORE: Multiple security issues found in TYPO3 core
It has been discovered that TYPO3 Core is vulnerable to Broken Authentication and Session Management, Cross-Site Scripting, Insecure Randomness and…
TYPO3-SA-2009-001: Multiple vulnerabilities in TYPO3 Core
It has been discovered that TYPO3 Core is vulnerable to Broken Authentication and Session Management, Cross-Site Scripting, Insecure Randomness and…
SECURITY-ISSUES-IN-SEVERAL-THIRD-PARTY-TYPO3-EXTENSIONS: Security issues in several third party TYPO3 extensions
Security vulnerabilities have been discovered in the following third party TYPO3 extensions: "phpMyAdmin" (phpmyadmin), "DR Wiki - Typo3 Wiki…
TYPO3-20081222-4: TYPO3 Security Bulletin
Several vulnerabilities have been found in the following third party TYPO3 extensions: "Vox populi" (mv_vox_populi), "SB Universal Plugin"…
TYPO3-20081222-3: TYPO3 Security Bulletin
It has been discovered that the extension DR Wiki - Typo3 Wiki extension (dr_wiki) is vulnerable to Cross-Site Scripting (XSS).
TYPO3-20081222-2: TYPO3 Security Bulletin
It has been discovered that the extension WEC Discussion Forum (wec_discussion) is vulnerable to Cross-Site Scripting (XSS) and SQL injection.
TYPO3-20081222-1: TYPO3 Security Bulletin
It has been discovered that the extension phpMyAdmin (phpmyadmin) is vulnerable to SQL injections via XSRF.
UPDATE-ON-RECENT-TYPO3ORG-ISSUE: Update on recent typo3.org issue
Dear user of typo3.org, after a while of (almost) non-stop activity by members of the security team as well as the core team and the folks from…
IMPORTANT-SECURITY-WARNING: Important security warning
This is an important security warning. An unauthorized person has gained administrative access to the typo3.org website. The offender had access to…
TYPO3-20081113-2: Cross-Site Scripting vulnerability in TYPO3 Core
It has been discovered that the frontend plugin of system extension "felogin" is vulnerable to Cross-Site Scripting (XSS).
TYPO3-20081113-1: Cross-Site Scripting vulnerability in TYPO3 Core
It has been discovered that the backend module "file" is vulnerable to Cross-Site Scripting (XSS).
CROSS-SITE-SCRIPTING-VULNERABILITIES-IN-TYPO3-CORE: Cross Site Scripting vulnerabilities in TYPO3 core
It has been discovered that TYPO3 core is susceptible to two Cross Site Scripting (XSS) issues. The frontend plugin of system extension "felogin" and…
TYPO3-20081110-2: TYPO3 Security Bulletin
Several vulnerabilities have been found in the following third party TYPO3 extensions: "advcalendar" (advCalendar), "CMS Poll system" (cms_poll),…
TYPO3-20081110-1: TYPO3 Security Bulletin
It has been discovered that the extension phpMyAdmin (phpmyadmin) is vulnerable to Cross-Site Scripting.
SECURITY-ISSUES-IN-TYPO3-EXTENSION-PHPMYADMIN-AND-SEVERAL-OTHER-THIRD-PARTY-EXTENSIONS: Security issues in TYPO3 extension phpMyAdmin and several other third party extensions
Security issues have been discovered in the following third party TYPO3 extensions: "phpMyAdmin" (phpmyadmin), "advCalendar" (advcalendar), "CMS Poll…
TYPO3-20081020-2: SQL Injection in extension Commerce (commerce)
It has been discovered that the extension Commerce (commerce) is vulnerable to SQL Injection attacks.
TYPO3-20081020-1: TYPO3 Security Bulletin
Several vulnerabilities have been found in the following third party TYPO3 extensions: JobControl (dmmjobcontrol), Econda Plugin (econda), Frontend…
SECURITY-ISSUES-IN-TYPO3-EXTENSION-COMMERCE-AND-SEVERAL-OTHER-THIRD-PARTY-EXTENSIONS: Security issues in TYPO3 extension Commerce and several other third party extensions
Security issues have been discovered in the following third party TYPO3 extensions: Commerce (commerce), JobControl (dmmjobcontrol), Econda Plugin…
TYPO3-20080924-2: TYPO3 Security Bulletin
It has been discovered that the extension freeCap CAPTCHA (sr_freecap) is vulnerable to Cross-Site Scripting.