Security Advisories
All Advisories
TYPO3-EXT-SA-2022-002: Cross-Site Scripting in extension "Bookdatabase" (extbookdatabase)
It has been discovered that the extension "Bookdatabase" (extbookdatabase) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2022-001: Server-side request forgery in extension "Kitodo.Presentation" (dlf)
It has been discovered that the extension "Kitodo.Presentation" (dlf) is susceptible to Server-side request forgery.
TYPO3-PSA-2021-004: Statement on Recent log4j/log4shell Vulnerabilities (CVE-2021-44228)
Components of TYPO3 CMS are based on PHP and are therefore not directly affected by the recent log4j vulnerabilities. However, additional services…
TYPO3-PSA-2021-003: Mitigation of Cache Poisoning Caused by Untrusted URL Query Parameters
It has been discovered that TYPO3 CMS is susceptible to cache poisoning.
TYPO3-EXT-SA-2021-018: Sensitive Data Exposure in extension "Job Fair" (jobfair)
It has been discovered that the extension "Job Fair" (jobfair) is susceptible to Sensitive Data Exposure.
TYPO3-EXT-SA-2021-017: Multiple vulnerabilities in extension "pixx.io integration for TYPO3 (DAM)" (pixxio)
It has been discovered that the extension "pixx.io integration for TYPO3 (DAM)" (pixxio) is susceptible to Server-side request forgery, Remote Code…
TYPO3-EXT-SA-2021-016: Denial of Service in extension "Code Highlight" (codehighlight)
It has been discovered that the extension "Code Highlight" (codehighlight) is susceptible to Denial of Service.
TYPO3-EXT-SA-2021-015: Cross-Site Scripting in extension "Google for Jobs" (google_for_jobs)
It has been discovered that the extension "Google for Jobs" (google_for_jobs) is susceptible to Cross-Site Scripting.
TYPO3-CORE-SA-2021-015: HTTP Host Header Injection in Request Handling
It has been discovered that TYPO3 CMS is vulnerable to HTTP header injection.
TYPO3-CORE-SA-2021-014: Cross-Site-Request-Forgery in Backend URI Handling
It has been discovered that TYPO3 CMS is vulnerable to cross-site-request-forgery.
TYPO3-EXT-SA-2021-014: SQL Injection in extension "Newsletter" (newsletter)
It has been discovered that the extension "Newsletter" (newsletter) is susceptible to SQL Injection.
TYPO3-EXT-SA-2021-013: Multiple vulnerabilities in Extension "Dated News" (dated_news)
It has been discovered that the extension "Dated News" (dated_news) is susceptible to SQL Injection, Cross-Site Scripting, Information Disclosure and…
TYPO3-EXT-SA-2021-012: Cross Site Scripting in Extension "Yoast SEO for TYPO3" (yoast_seo)
It has been discovered that the extension "Yoast SEO for TYPO3" (yoast_seo) is susceptible to Cross Site Scripting.
TYPO3-EXT-SA-2021-011: Multiple vulnerabilities in Extension "Miniorange Saml" (miniorange_saml)
It has been discovered that the extension "Miniorange Saml" (miniorange_saml) is susceptible to Cross-Site Scripting, Sensitive Data Exposure and…
TYPO3-EXT-SA-2021-010: Cross-Site Scripting in Extension "femanager" (femanager)
It has been discovered that the extension "femanager" (femanager) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2021-009: Denial of Service in Extension "Deferred image processing" (deferred_image_processing)
It has been discovered that the extension "Deferred image processing" (deferred_image_processing) is susceptible to Denial of Service.
TYPO3-EXT-SA-2021-008: Sensitive Information Disclosure in “Extbase Yaml Routes” (routes)
It has been discovered that the extension “Extbase Yaml Routes” (routes) is susceptible to Sensitive Information Disclosure.
TYPO3-CORE-SA-2021-013: Cross-Site Scripting via Rich-Text Content
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
TYPO3-PSA-2021-002: CSV Code Injection
It has been discovered that the TYPO3 extensions offering a CSV export might create CSV files that can contain formulas executed in external…
TYPO3-PSA-2021-001: Sensitive links in search results of TYPO3 extension indexed_search
It has been discovered that the TYPO3 extension “Indexed Search” may index sensitive links under certain conditions.