Security Advisories
All Advisories
TYPO3-CORE-SA-2021-008: Cross-Site Scripting in Content Preview
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
TYPO3-CORE-SA-2021-007: Cross-Site Scripting in Content Preview
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
TYPO3-CORE-SA-2021-006: Cleartext storage of session identifier
It has been discovered that TYPO3 CMS is susceptible to sensitive data exposure.
TYPO3-CORE-SA-2021-005: Denial of Service in Page Error Handling
It has been discovered that TYPO3 CMS is susceptible to denial of service.
TYPO3-CORE-SA-2021-004: Cross-Site Scripting in Form Framework
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
TYPO3-CORE-SA-2021-003: Broken Access Control in Form Framework
It has been discovered that TYPO3 CMS is vulnerable to broken access control.
TYPO3-CORE-SA-2021-002: Unrestricted File Upload in Form Framework
It has been discovered that TYPO3 CMS is vulnerable to unrestricted file upload.
TYPO3-CORE-SA-2021-001: Open Redirection in Login Handling
It has been discovered that TYPO3 CMS is susceptible to open redirection.
TYPO3-EXT-SA-2021-003: Cross-Site Scripting in extension "Aimeos shop and e-commerce framework" (aimeos)
It has been discovered that the extension "Aimeos shop and e-commerce framework" (aimeos) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2021-002: Denial of Service in extension "Code Highlight" (codehighlight)
It has been discovered that the extension "Code Highlight" (codehighlight) is susceptible to Denial of Service.
TYPO3-EXT-SA-2021-001: SQL Injection in extension "VHS: Fluid ViewHelpers" (vhs)
It has been discovered that the extension "VHS: Fluid ViewHelpers" (vhs) is susceptible to SQL Injection.
TYPO3-PSA-2020-003: Mitigation of Cross-Site Scripting Vulnerabilities in File Upload Handling
Repeating and refining public service announcement TYPO3-PSA-2019-010.
TYPO3-PSA-2020-002: Protecting Install Tool with Sudo Mode
Accessing Install Tool via TYPO3 Backend requires password verification - known as Sudo Mode.
TYPO3-CORE-SA-2020-012: XML External Entity in Dashboard Widget
It has been discovered that TYPO3 CMS is susceptible to XML external entity processing.
TYPO3-CORE-SA-2020-011: Cleartext storage of session identifier
It has been discovered that TYPO3 CMS is susceptible to sensitive data exposure.
TYPO3-CORE-SA-2020-010: Cross-Site Scripting in Fluid view helpers
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
TYPO3-CORE-SA-2020-009: Cross-Site Scripting through Fluid view helper arguments
It has been discovered that the Fluid Engine is vulnerable to cross-site scripting.
TYPO3-EXT-SA-2020-020: Denial of Service in extension "Authenticator" (defbu_authenticator)
It has been discovered that the extension "Authenticator" (defbu_authenticator) is susceptible to Denial of Service.
TYPO3-EXT-SA-2020-019: Sensitive Data Exposure in extension "View frontend statistics" (view_statistics)
It has been discovered that the extension "View frontend statistics" (view_statistics) is susceptible to Sensitive Data Exposure.
TYPO3-EXT-SA-2020-018: Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)
It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to SQL Injection and Cross-Site Scripting.