Security Advisories
All Advisories
TYPO3-EXT-SA-2020-017: Multiple vulnerabilities in extension "Event management and registration" (sf_event_mgt)
It has been discovered that the extension "Event management and registration" (sf_event_mgt) is susceptible to Information Disclosure and Broken…
TYPO3-EXT-SA-2020-016: Information Disclosure in extension "Localization Manager" (l10nmgr)
It has been discovered that the extension "Localization Manager" (l10nmgr) is susceptible to Information Disclosure.
TYPO3-EXT-SA-2020-015: Cross-Site Scripting in extension "Kitodo.Presentation" (dlf)
It has been discovered that the extension "Kitodo.Presentation" (dlf) is susceptible to Cross-Site Scripting.
TYPO3-CORE-SA-2020-008: Sensitive Information Disclosure
It has been discovered that TYPO3 CMS is susceptible to sensitive information disclosure.
TYPO3-CORE-SA-2020-007: Potential Privilege Escalation
It has been discovered that TYPO3 CMS is susceptible to privilege escalation.
TYPO3-EXT-SA-2020-014: Sensitive Information Disclosure in extension "Media Content Element" (mediace)
It has been discovered that the extension "Media Content Element" (mediace) is susceptible to Sensitive Information Disclosure.
TYPO3-PSA-2020-001: Critical vulnerability in legacy versions of TYPO3 CMS
It has been discovered that TYPO3 CMS is susceptible to sensitive information disclosure in previous TYPO3 versions which are not maintained by the…
TYPO3-EXT-SA-2020-013: Multiple vulnerabilities in extension "mm_forum" (mm_forum)
It has been discovered that the extension "mm_forum" (mm_forum) is susceptible to Cross-Site Scripting and CSRF.
TYPO3-EXT-SA-2020-012: Cross-Site Scripting in extension "Google reCAPTCHA (v2/v3)" (jh_captcha)
It has been discovered that the extension "Google reCAPTCHA (v2/v3)" (jh_captcha) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2020-011: Remote Code Execution in extension "Turn!" (turn)
It has been discovered that the extension "Turn!" (turn) is susceptible to Remote Code Execution.
TYPO3-EXT-SA-2020-010: Broken Access Control in extension "typo3_forum" (typo3_forum)
It has been discovered that the extension "typo3_forum" (typo3_forum) is susceptible to Broken Access Control.
TYPO3-EXT-SA-2020-009: Cross-Site Scripting in extension "Faceted Search" (ke_search)
It has been discovered that the extension "Faceted Search" (ke_search) is susceptible to Cross-Site Scripting.
TYPO3-CORE-SA-2020-006: Same-Origin Request Forgery to Backend User Interface
It has been discovered that TYPO3 CMS is vulnerable to same-origin request forgery.
TYPO3-CORE-SA-2020-005: Insecure Deserialization in Backend User Settings
It has been discovered that TYPO3 CMS is vulnerable to insecure deserialization.
TYPO3-EXT-SA-2020-008: Cross-Site Scripting in "SVG Sanitizer" (svg_sanitizer)
It has been discovered that the extension "SVG Sanitizer" (svg_sanitizer) is vulnerable to Cross-Site Scripting.
TYPO3-CORE-SA-2020-004: Class destructors causing side-effects when being unserialized
It has been discovered that TYPO3 CMS is vulnerable to insecure deserialization.
TYPO3-CORE-SA-2020-003: Cross-Site Scripting in Link Handling
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
TYPO3-EXT-SA-2020-007: Sensitive Data Exposure in extension "Job Fair" (jobfair)
It has been discovered that the extension "Job Fair" (jobfair) is susceptible to Sensitive Data Exposure.
TYPO3-CORE-SA-2020-002: Cross-Site Scripting in Form Engine
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
TYPO3-EXT-SA-2020-006: Broken Access Control in extension "gForum" (g_forum)
It has been discovered that the extension "gForum" (g_forum) is susceptible to Broken Access Control.