Security Advisories
All Advisories
TYPO3-CORE-SA-2021-012: Information Disclosure in User Authentication
It has been discovered that TYPO3 CMS is susceptible to information disclosure.
TYPO3-CORE-SA-2021-011: Cross-Site Scripting in Backend Grid View
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
TYPO3-CORE-SA-2021-010: Cross-Site Scripting in Query Generator & Query View
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
TYPO3-CORE-SA-2021-009: Cross-Site Scripting in Page Preview
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
TYPO3-EXT-SA-2021-007: Cross-Site Scripting in extension "Bootstrap Package" (bootstrap_package)
It has been discovered that the extension "Bootstrap Package" (bootstrap_package) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2021-006: Server-side request forgery in extension "Yoast SEO for TYPO3" (yoast_seo)
It has been discovered that the extension "Yoast SEO for TYPO3" (yoast_seo) is susceptible to Server-side request forgery (SSRF).
TYPO3-EXT-SA-2021-005: SQL Injection in extension "Dynamic Content Element" (dce)
It has been discovered that the extension "Dynamic Content Element" (dce) is susceptible to SQL Injection.
TYPO3-EXT-SA-2021-004: Cross-Site Scripting in extension "2 Clicks for External Media" (media2click)
It has been discovered that the extension "2 Clicks for External Media" (media2click) is susceptible to Cross-Site Scripting.
TYPO3-CORE-SA-2021-008: Cross-Site Scripting in Content Preview
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
TYPO3-CORE-SA-2021-007: Cross-Site Scripting in Content Preview
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
TYPO3-CORE-SA-2021-006: Cleartext storage of session identifier
It has been discovered that TYPO3 CMS is susceptible to sensitive data exposure.
TYPO3-CORE-SA-2021-005: Denial of Service in Page Error Handling
It has been discovered that TYPO3 CMS is susceptible to denial of service.
TYPO3-CORE-SA-2021-004: Cross-Site Scripting in Form Framework
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
TYPO3-CORE-SA-2021-003: Broken Access Control in Form Framework
It has been discovered that TYPO3 CMS is vulnerable to broken access control.
TYPO3-CORE-SA-2021-002: Unrestricted File Upload in Form Framework
It has been discovered that TYPO3 CMS is vulnerable to unrestricted file upload.
TYPO3-CORE-SA-2021-001: Open Redirection in Login Handling
It has been discovered that TYPO3 CMS is susceptible to open redirection.
TYPO3-EXT-SA-2021-003: Cross-Site Scripting in extension "Aimeos shop and e-commerce framework" (aimeos)
It has been discovered that the extension"Aimeos shop and e-commerce framework" (aimeos) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2021-002: Denial of Service in extension "Code Highlight" (codehighlight)
It has been discovered that the extension "Code Highlight" (codehighlight) is susceptible to Denial of Service.
TYPO3-EXT-SA-2021-001: SQL Injection in extension "VHS: Fluid ViewHelpers" (vhs)
It has been discovered that the extension "VHS: Fluid ViewHelpers" (vhs) is susceptible to SQL Injection.
TYPO3-PSA-2020-003: Mitigation of Cross-Site Scripting Vulnerabilities in File Upload Handling
Repeating and refining public service announcement TYPO3-PSA-2019-010.