-
TYPO3-CORE-SA-2025-016: Privilege Escalation to System Maintainer
Categories: Development, TYPO3 CMS
Advisory type: TYPO3 CMS
It has been discovered that TYPO3 CMS is susceptible to broken authentication.
-
TYPO3-CORE-SA-2025-015: Broken Authentication in Backend MFA
Categories: Development, TYPO3 CMS
Advisory type: TYPO3 CMS
It has been discovered that TYPO3 CMS is susceptible to broken authentication.
-
TYPO3-CORE-SA-2025-014: Unrestricted File Upload in File Abstraction Layer
Categories: Development, TYPO3 CMS
Advisory type: TYPO3 CMS
It has been discovered that TYPO3 CMS is susceptible to security misconfiguration.
-
TYPO3-CORE-SA-2025-013: Unverified Password Change for Backend Users
Categories: Development, TYPO3 CMS
Advisory type: TYPO3 CMS
It has been discovered that TYPO3 CMS is susceptible to security misconfiguration.
-
TYPO3-CORE-SA-2025-012: Server-Side Request Forgery via Webhooks
Categories: Development, TYPO3 CMS
Advisory type: TYPO3 CMS
It has been discovered that TYPO3 CMS is susceptible to server-side request forgery.
-
TYPO3-CORE-SA-2025-011: Information Disclosure via DBAL Restriction Handling
Categories: Development, TYPO3 CMS
Advisory type: TYPO3 CMS
It has been discovered that TYPO3 CMS is susceptible to information disclosure.
-
TYPO3-EXT-SA-2025-003: Multiple vulnerabilities in extension “[clickstorm] SEO” (cs_seo)
Categories: Development
Advisory type: TYPO3 Extensions
It has been discovered that the extension "[clickstorm] SEO" (cs_seo) is susceptible to Cross-Site Scripting and Insecure Direct Object Reference.
-
TYPO3-EXT-SA-2025-002: Cross-Site Scripting in extension “Additional TCA” (additional_tca)
Categories: Development
Advisory type: TYPO3 Extensions
It has been discovered that the extension “Additional TCA” (additional_tca) is susceptible to Cross-Site Scripting.
-
TYPO3-EXT-SA-2025-001: Account Takeover in extension "OpenID Connect Authentication" (oidc)
Categories: Development
Advisory type: TYPO3 Extensions
It has been discovered that the extension "OpenID Connect Authentication" (oidc) is susceptible to Account Takeover.
-
TYPO3-CORE-SA-2025-010: Cross-Site Request Forgery in DB Check Module
Categories: Development, TYPO3 CMS
Advisory type: TYPO3 CMS
It has been discovered that TYPO3 CMS is susceptible to cross-site request forgery.