Version v7.6.24
typo3/cms
[READ-ONLY] Subtree split of the TYPO3 Core Extension "frontend"
Install Instructions
composer require typo3/cms
Language PHP
Package URL (purl) pkg:composer/typo3/cms@7.6.24
Find typo3/cms
vulnerabilities in your supply chain.
typo3/cms Vulnerabilities
Sort by
CVE (Latest)
CVE | CVSS Score | CWE(s) | EPSS Score | EPSS % | Impacted Versions |
---|---|---|---|---|---|
CVE-2010-1022 | High 7.5 | CWE-287 | 0.00749 | 0.8144 |
|
CVE-2011-4628 | High 9.8 | CWE-287 | 0.00714 | 0.80959 |
|
CVE-2011-4627 | Medium 6.5 | CWE-200 | 0.00063 | 0.28244 |
|
CVE-2011-4630 | Medium 5.4 | CWE-79 | 0.00064 | 0.29344 |
|
CVE-2011-4632 | Medium 5.4 | CWE-79 | 0.00064 | 0.29344 |
|
CVE-2011-4900 | Medium 6.5 | CWE-200 | 0.00058 | 0.25985 |
|
CVE-2011-4901 | Medium 6.5 | CWE-200 | 0.00117 | 0.46764 |
|
CVE-2011-4903 | Medium 6.1 | CWE-79 | 0.00124 | 0.4794 |
|
CVE-2011-4902 | Medium 6.5 | CWE-20 | 0.00087 | 0.38328 |
|
CVE-2011-4904 | Medium 6.5 | CWE-20 | 0.00115 | 0.46342 |
|
CVE-2014-3945 | Medium 4 | CWE-287 | 0.00264 | 0.66572 |
|
CVE-2018-6905 | Medium 4.8 | CWE-79 | 0.00075 | 0.33558 |
|
CVE-2022-47406 | High 9.8 | CWE-613 | 0.00201 | 0.58541 |
|
CVE-2013-4701 | High 7.5 | CWE-611 | 0.0064 | 0.79678 |
|
CVE-2013-7341 | Medium 4.3 | CWE-79 | 0.00254 | 0.65786 |
|
CVE-2014-9508 | Medium 4.3 | CWE-59 | 0.00192 | 0.57669 |
|
CVE-2014-9509 | High 7.5 | CWE-20 | 0.00855 | 0.82746 |
|
CVE-2015-5956 | Low 3.5 | CWE-79 | 0.04664 | 0.92837 |
|
CVE-2015-8755 | Medium 5.4 | CWE-79 | 0.00084 | 0.36896 |
|
CVE-2016-4056 | Medium 6.1 | CWE-79 | 0.00166 | 0.54131 |
|
CVE-2020-8091 | Medium 6.1 | CWE-79 | 0.002 | 0.58385 |
|
CVE-2014-3941 | Medium 5 | CWE-297, CWE-20 | 0.00591 | 0.78785 |
|
CVE-2014-3943 | Low 3.5 | CWE-79 | 0.00104 | 0.43409 |
|
CVE-2014-3944 | Medium 5.8 | CWE-287 | 0.00264 | 0.66572 |
|
CVE-2014-3946 | Medium 4 | CWE-200 | 0.00118 | 0.47041 |
|
CVE-2021-32768 | Medium 6.1 | CWE-79 | 0.00084 | 0.3709 |
|
CVE-2018-14041 | Medium 6.1 | CWE-79 | 0.00403 | 0.74211 |
|
CVE-2018-17960 | Medium 6.1 | CWE-79 | 0.00114 | 0.46055 |
|
CVE-2019-10912 | High 7.1 | CWE-502 | 0.00359 | 0.72762 |
|
CVE-2019-11832 | High 7.5 | CWE-20 | 0.00775 | 0.81808 |
|
CVE-2019-12747 | High 8.8 | CWE-502 | 0.00102 | 0.42821 |
|
CVE-2019-12748 | Medium 6.1 | CWE-79 | 0.00078 | 0.35003 |
|
CVE-2019-19848 | High 7.2 | CWE-22 | 0.0018 | 0.56039 |
|
CVE-2019-19849 | High 8.8 | CWE-502 | 0.00102 | 0.42821 |
|
CVE-2019-19850 | High 7.2 | CWE-89 | 0.00087 | 0.37972 |
|
CVE-2020-11064 | Medium 5.4 | CWE-79 | 0.00053 | 0.22411 |
|
CVE-2020-11065 | Medium 5.4 | CWE-79 | 0.00053 | 0.22411 |
|
CVE-2020-11066 | High 10 | CWE-1321, CWE-915 | 0.00108 | 0.44855 |
|
CVE-2020-11067 | High 8.8 | CWE-502 | 0.00653 | 0.79937 |
|
CVE-2020-11069 | High 8.8 | CWE-346, CWE-352 | 0.00082 | 0.36226 |
|
CVE-2020-15098 | High 8.8 | CWE-20, CWE-502, CWE-325, CWE-327, CWE-200 | 0.00318 | 0.71043 |
|
CVE-2020-15099 | High 8.1 | CWE-200, CWE-20 | 0.00944 | 0.83604 |
|
CVE-2020-15241 | Medium 6.1 | CWE-79 | 0.00117 | 0.46692 |
|
CVE-2020-26227 | Medium 6.1 | CWE-79 | 0.00112 | 0.45563 |
|
CVE-2020-26228 | High 7.5 | CWE-312, CWE-200 | 0.00131 | 0.49232 |
|
CVE-2021-21338 | Medium 6.1 | CWE-601 | 0.0008 | 0.35735 |
|
CVE-2021-21339 | High 7.5 | CWE-312 | 0.00168 | 0.54356 |
|
CVE-2021-21355 | High 8.6 | CWE-552, CWE-434 | 0.00102 | 0.42932 |
|
CVE-2021-21357 | High 8.3 | CWE-434, CWE-22, CWE-20 | 0.00109 | 0.45125 |
|
CVE-2021-21359 | High 7.5 | CWE-674, CWE-405 | 0.00176 | 0.5555 |
|
CVE-2021-21370 | Medium 5.4 | CWE-79 | 0.00061 | 0.27386 |
|
CVE-2021-32667 | Medium 5.4 | CWE-79 | 0.00053 | 0.22411 |
|
CVE-2021-32668 | Medium 4.8 | CWE-79 | 0.00053 | 0.22411 |
|
CVE-2021-32669 | Medium 5.4 | CWE-79 | 0.00053 | 0.22411 |
|
CVE-2021-32767 | Medium 6.5 | CWE-532 | 0.00063 | 0.28244 |
|
CVE-2017-14251 | High 8.8 | CWE-434 | 0.00788 | 0.81971 |
|
CVE-2016-5385 | High 8.1 | CWE-601 | 0.92761 | 0.99114 |
|
CVE-2017-6370 | Medium 5.3 | CWE-319 | 0.00231 | 0.61688 |
|
typo3/cms Vulnerability Remediation Guidance
CVE | Description | Full list of Impacted Versions | Fix |
---|---|---|---|
CVE-2022-47406 | An issue was discovered in the fe_change_pwd (aka Change password for frontend users) extension before 2.0.5, and 3.x before 3.0.3, for TYPO3. The extension fails to revoke existing sessions for the current user when the password has been changed. | dev-TYPO3_6-2, dev-TYPO3_7-0, dev-TYPO3_7-3, dev-TYPO3_7-6, dev-TYPO3_8-1, dev-TYPO3_8-0, dev-TYPO3_8-2, dev-TYPO3_8-3 (Show all) | Patch → NO_SAFE_VERSION |
CVE-2021-32768 | TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality HTMLparser does not consider all potentially malicious HTML tag & attribute combinations per default. In default scenarios, a valid backend user account is needed to exploit this vulnerability. In case custom plugins used in the website frontend accept and reflect rich-text content submitted by users, no authentication is required. Update to TYPO3 versions 7.6.53 ELTS, 8.7.42 ELTS, 9.5.29, 10.4.19, 11.3.2 that fix the problem described. | 7.3.0, 7.2.0, 7.1.0, 7.0.2, 7.0.1, 7.0.0, v9.0.0, v9.1.0 (Show all) | Patch → NO_SAFE_VERSION |
CVE-2021-32767 | TYPO3 is an open source PHP based web content management system. In versions 9.0.0 through 9.5.27, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0, user credentials may been logged as plain-text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3 versions 9.5.28, 10.4.18, 11.3.1 contain a patch for this vulnerability. | v9.0.0, v9.1.0 | Patch → NO_SAFE_VERSION |
CVE-2021-32669 | TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When settings for _backend layouts_ are not properly encoded, the corresponding grid view is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this vulnerability. | v9.0.0, v9.1.0 | Patch → NO_SAFE_VERSION |
CVE-2021-32668 | TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When error messages are not properly encoded, the components _QueryGenerator_ and _QueryView_ are vulnerable to both reflected and persistent cross-site scripting. A valid backend user account having administrator privileges is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this issue. | v9.0.0, v9.1.0 | Patch → NO_SAFE_VERSION |
CVE-2021-32667 | TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When _Page TSconfig_ settings are not properly encoded, corresponding page preview module (_Web>View_) is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this issue. | v9.0.0, v9.1.0 | Patch → NO_SAFE_VERSION |
CVE-2021-21370 | TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1. | v9.0.0, v9.1.0 | Patch → NO_SAFE_VERSION |
CVE-2021-21359 | TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This is fixed in versions 9.5.25, 10.4.14, 11.1.1. | v9.0.0, v9.1.0 | Patch → NO_SAFE_VERSION |
CVE-2021-21357 | TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1. | v9.0.0, v9.1.0, 8.7.10, v8.7.9, v8.7.8, v8.7.4, v8.7.3, 8.7.2 (Show all) | Patch → NO_SAFE_VERSION |
CVE-2021-21355 | TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, _UploadedFileReferenceConverter_ transforming uploaded files into proper FileReference domain model objects handles possible file uploads for other extensions as well - given those extensions use the Extbase MVC framework, make use of FileReference items in their direct or inherited domain model definitions and did not implement their own type converter. In case this scenario applies, _UploadedFileReferenceConverter_ accepts any file mime-type and persists files in the default location. In any way, uploaded files are placed in the default location _/fileadmin/user_upload/_, in most scenarios keeping the submitted filename - which allows attackers to directly reference files, or even correctly guess filenames used by other individuals, disclosing this information. No authentication is required to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1. | v9.0.0, v9.1.0 | Patch → NO_SAFE_VERSION |
CVE-2021-21339 | TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 user session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1. | v9.0.0, v9.1.0 | Patch → NO_SAFE_VERSION |
CVE-2021-21338 | TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1. | v9.0.0, v9.1.0 | Patch → NO_SAFE_VERSION |
CVE-2020-8091 | svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname. | 6.2.4, 6.2.5, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 7.0.2, 7.0.1 (Show all) | Patch → NO_SAFE_VERSION |
CVE-2020-26228 | TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 user session identifiers were stored in cleartext - without processing with additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described. | v9.0.0, v9.1.0 | Patch → NO_SAFE_VERSION |
CVE-2020-26227 | TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 the system extension Fluid (typo3/cms-fluid) of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described. | v9.0.0, v9.1.0, 8.7.10, v8.7.9, v8.7.8, v8.7.4, v8.7.3, 8.7.2 (Show all) | Patch → NO_SAFE_VERSION |
CVE-2020-15241 | TYPO3 Fluid Engine (package `typo3fluid/fluid`) before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like `{showFullName ? fullName : defaultValue}`. Updated versions of this package are bundled in following TYPO3 (`typo3/cms-core`) versions as well: TYPO3 v8.7.25 (using `typo3fluid/fluid` v2.5.4) and TYPO3 v9.5.6 (using `typo3fluid/fluid` v2.6.1). | v9.0.0, v9.1.0, 8.7.10, v8.7.9, v8.7.8, v8.7.4, v8.7.3, 8.7.2 (Show all) | Patch → NO_SAFE_VERSION |
CVE-2020-15099 | In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, in a case where an attacker manages to generate a valid cryptographic message authentication code (HMAC-SHA1) - either by using a different existing vulnerability or in case the internal encryptionKey was exposed - it is possible to retrieve arbitrary files of a TYPO3 installation. This includes the possibility to fetch typo3conf/LocalConfiguration.php, which again contains the encryptionKey as well as credentials of the database management system being used. In case a database server is directly accessible either via internet or in a shared hosting network, this allows the ability to completely retrieve, manipulate or delete database contents. This includes creating an administration user account - which can be used to trigger remote code execution by injecting custom extensions. This has been patched in versions 9.5.20 and 10.4.6. | v9.0.0, v9.1.0 | Patch → NO_SAFE_VERSION |
CVE-2020-15098 | In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains including potential privilege escalation, insecure deserialization & remote code execution. The overall severity of this vulnerability is high based on mentioned attack chains and the requirement of having a valid backend user session (authenticated). This has been patched in versions 9.5.20 and 10.4.6. | v9.0.0, v9.1.0 | Patch → NO_SAFE_VERSION |
CVE-2020-11069 | In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that the backend user interface and install tool are vulnerable to a same-site request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously managed to upload to the web server. Scripts are then executed with the privileges of the victims' user session. In a worst-case scenario, new admin users can be created which can directly be used by an attacker. The vulnerability is basically a cross-site request forgery (CSRF) triggered by a cross-site scripting vulnerability (XSS) - but happens on the same target host - thus, it's actually a same-site request forgery. Malicious payload such as HTML containing JavaScript might be provided by either an authenticated backend user or by a non-authenticated user using a third party extension, e.g. file upload in a contact form with knowing the target location. To be successful, the attacked victim requires an active and valid backend or install tool user session at the time of the attack. This has been fixed in 9.5.17 and 10.4.2. The deployment of additional mitigation techniques is suggested as described below. - Sudo Mode Extension This TYPO3 extension intercepts modifications to security relevant database tables, e.g. those storing user accounts or storages of the file abstraction layer. Modifications need to confirmed again by the acting user providing their password again. This technique is known as sudo mode. This way, unintended actions happening in the background can be mitigated. - https://github.com/FriendsOfTYPO3/sudo-mode - https://extensions.typo3.org/extension/sudo_mode - Content Security Policy Content Security Policies tell (modern) browsers how resources served a particular site are handled. It is also possible to disallow script executions for specific locations. In a TYPO3 context, it is suggested to disallow direct script execution at least for locations /fileadmin/ and /uploads/. | v9.0.0, v9.1.0 | Patch → NO_SAFE_VERSION |
CVE-2020-11067 | In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings (in $BE_USER->uc) are vulnerable to insecure deserialization. In combination with vulnerabilities of third party components, this can lead to remote code execution. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2. | v9.0.0, v9.1.0 | Patch → NO_SAFE_VERSION |
CVE-2020-11066 | In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize() on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary directory in the file system, if it is writable for the web server. It can also trigger message submission via email using the identity of the web site (mail relay). Another insecure deserialization vulnerability is required to actually exploit mentioned aspects. This has been fixed in 9.5.17 and 10.4.2. | v9.0.0, v9.1.0 | Patch → NO_SAFE_VERSION |
CVE-2020-11065 | In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and greater than or equal to 10.2.0 and less than 10.4.2, it has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting; properties being assigned as HTML attributes have not been parsed correctly. This has been fixed in 9.5.17 and 10.4.2. | v9.0.0, v9.1.0 | Patch → NO_SAFE_VERSION |
CVE-2020-11064 | In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, it has been discovered that HTML placeholder attributes containing data of other database records are vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2. | v9.0.0, v9.1.0 | Patch → NO_SAFE_VERSION |
CVE-2019-19850 | An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed, and a valid backend user who has administrator privileges. | v9.0.0, v9.1.0, 8.7.10, v8.7.9, v8.7.8, v8.7.4, v8.7.3, 8.7.2 (Show all) | Patch → NO_SAFE_VERSION |
CVE-2019-19849 | An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension ext:lowlevel (Backend Module: DB Check) installed, with a valid backend user who has administrator privileges. The other exploitable scenario requires having the system extension ext:sys_action installed, with a valid backend user who has limited privileges. | v9.0.0, v9.1.0, 8.7.10, v8.7.9, v8.7.8, v8.7.4, v8.7.3, 8.7.2 (Show all) | Patch → NO_SAFE_VERSION |
CVE-2019-19848 | An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this vulnerability. (In v9 LTS and later, System Maintainer privileges are also required.) | v9.0.0, v9.1.0, 8.7.10, v8.7.9, v8.7.8, v8.7.4, v8.7.3, 8.7.2 (Show all) | Patch → NO_SAFE_VERSION |
CVE-2019-12748 | TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS. | v9.0.0, v9.1.0, 8.7.10, v8.7.9, v8.7.8, v8.7.4, v8.7.3, 8.7.2 (Show all) | Patch → NO_SAFE_VERSION |
CVE-2019-12747 | TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data. | v9.0.0, v9.1.0, 8.7.10, v8.7.9, v8.7.8, v8.7.4, v8.7.3, 8.7.2 (Show all) | Patch → NO_SAFE_VERSION |
CVE-2019-11832 | TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick. | v9.0.0, v9.1.0, 8.7.10, v8.7.9, v8.7.8, v8.7.4, v8.7.3, 8.7.2 (Show all) | Patch → NO_SAFE_VERSION |
CVE-2019-10912 | In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is related to symfony/cache and symfony/phpunit-bridge. | v9.0.0, v9.1.0 | Patch → NO_SAFE_VERSION |
CVE-2018-6905 | The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], as demonstrated by an admin entering a crafted site name during the installation process. | dev-TYPO3_6-2, dev-TYPO3_7-0, dev-TYPO3_7-3, dev-TYPO3_7-6, dev-TYPO3_8-1, dev-TYPO3_8-0, dev-TYPO3_8-2, dev-TYPO3_8-3 (Show all) | Patch → NO_SAFE_VERSION |
CVE-2018-17960 | CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste. | v9.0.0, v9.1.0, 8.7.10, v8.7.9, v8.7.8, v8.7.4, v8.7.3, 8.7.2 (Show all) | Patch → NO_SAFE_VERSION |
CVE-2018-14041 | In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy. | v9.0.0, v9.1.0, 8.7.10, v8.7.9, v8.7.8, v8.7.4, v8.7.3, 8.7.2 (Show all) | Patch → NO_SAFE_VERSION |
CVE-2017-6370 | TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields. | 7.6.15 | Patch → NO_SAFE_VERSION |
CVE-2017-14251 | Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code. | v8.7.4, v8.7.3, 8.7.2, 8.7.1, 8.7.0, 8.6.1, 8.6.0, 8.5.0 (Show all) | Patch → NO_SAFE_VERSION |
CVE-2016-5385 | PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue. | 8.2.0, 8.1.2, 8.1.0, 8.1.1, 8.0.1, 8.0.0 | Patch → NO_SAFE_VERSION |
CVE-2016-4056 | Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a bookmark. | 6.2.4, 6.2.5, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.2.11, 6.2.12 (Show all) | Patch → NO_SAFE_VERSION |
CVE-2015-8755 | Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors. | 6.2.4, 6.2.5, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 7.3.0, 7.2.0 (Show all) | Patch → NO_SAFE_VERSION |
CVE-2015-5956 | The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter to show_rechis.php and the (2) redirect_url parameter to index.php. | 6.2.4, 6.2.5, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 7.3.0, 7.2.0 (Show all) | Patch → NO_SAFE_VERSION |
CVE-2014-9509 | The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consumption) via a "Cache Poisoning" attack using a URL with arbitrary arguments, which triggers a reload of the page. | 6.2.4, 6.2.5, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 7.0.1, 7.0.0 (Show all) | Patch → NO_SAFE_VERSION |
CVE-2014-9508 | The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors. | 6.2.4, 6.2.5, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 7.0.1, 7.0.0 (Show all) | Patch → NO_SAFE_VERSION |
CVE-2014-3946 | The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors. | 6.2.2, 6.2.1, 6.2.0 | Patch → NO_SAFE_VERSION |
CVE-2014-3945 | The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remote attackers to bypass authentication and gain access to the backend by leveraging knowledge of a password hash. | dev-TYPO3_6-2, dev-TYPO3_7-0, dev-TYPO3_7-3, dev-TYPO3_7-6, dev-TYPO3_8-1, dev-TYPO3_8-0, dev-TYPO3_8-2, dev-TYPO3_8-3 (Show all) | Patch → NO_SAFE_VERSION |
CVE-2014-3944 | The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors. | 6.2.2, 6.2.1, 6.2.0 | Patch → NO_SAFE_VERSION |
CVE-2014-3943 | Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary web script or HTML via unknown parameters. | 6.2.2, 6.2.1, 6.2.0 | Patch → NO_SAFE_VERSION |
CVE-2014-3941 | TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote attackers to have unspecified impact via a crafted HTTP Host header, related to "Host Spoofing." | 6.2.2, 6.2.1, 6.2.0 | Patch → NO_SAFE_VERSION |
CVE-2013-7341 | Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing an external domain, a related issue to CVE-2013-7342. | 6.2.4, 6.2.5, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 7.3.0, 7.2.0 (Show all) | Patch → NO_SAFE_VERSION |
CVE-2013-4701 | Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 6.2.4, 6.2.5, 6.2.3, 6.2.2, 6.2.1, 6.2.0 | Patch → NO_SAFE_VERSION |
CVE-2011-4904 | TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to retrieve ExtDirect endpoint services. | dev-TYPO3_6-2, dev-TYPO3_7-0, dev-TYPO3_7-3, dev-TYPO3_7-6, dev-TYPO3_8-1, dev-TYPO3_8-0, dev-TYPO3_8-2, dev-TYPO3_8-3 (Show all) | Patch → NO_SAFE_VERSION |
CVE-2011-4903 | Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function. | dev-TYPO3_6-2, dev-TYPO3_7-0, dev-TYPO3_7-3, dev-TYPO3_7-6, dev-TYPO3_8-1, dev-TYPO3_8-0, dev-TYPO3_8-2, dev-TYPO3_8-3 (Show all) | Patch → NO_SAFE_VERSION |
CVE-2011-4902 | TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver. | dev-TYPO3_6-2, dev-TYPO3_7-0, dev-TYPO3_7-3, dev-TYPO3_7-6, dev-TYPO3_8-1, dev-TYPO3_8-0, dev-TYPO3_8-2, dev-TYPO3_8-3 (Show all) | Patch → NO_SAFE_VERSION |
CVE-2011-4901 | TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to extract arbitrary information from the TYPO3 database. | dev-TYPO3_6-2, dev-TYPO3_7-0, dev-TYPO3_7-3, dev-TYPO3_7-6, dev-TYPO3_8-1, dev-TYPO3_8-0, dev-TYPO3_8-2, dev-TYPO3_8-3 (Show all) | Patch → NO_SAFE_VERSION |
CVE-2011-4900 | TYPO3 before 4.5.4 allows Information Disclosure in the backend. | dev-TYPO3_6-2, dev-TYPO3_7-0, dev-TYPO3_7-3, dev-TYPO3_7-6, dev-TYPO3_8-1, dev-TYPO3_8-0, dev-TYPO3_8-2, dev-TYPO3_8-3 (Show all) | Patch → NO_SAFE_VERSION |
CVE-2011-4632 | Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message. | dev-TYPO3_6-2, dev-TYPO3_7-0, dev-TYPO3_7-3, dev-TYPO3_7-6, dev-TYPO3_8-1, dev-TYPO3_8-0, dev-TYPO3_8-2, dev-TYPO3_8-3 (Show all) | Patch → NO_SAFE_VERSION |
CVE-2011-4630 | Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the browse_links wizard. | dev-TYPO3_6-2, dev-TYPO3_7-0, dev-TYPO3_7-3, dev-TYPO3_7-6, dev-TYPO3_8-1, dev-TYPO3_8-0, dev-TYPO3_8-2, dev-TYPO3_8-3 (Show all) | Patch → NO_SAFE_VERSION |
CVE-2011-4628 | TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request. | dev-TYPO3_6-2, dev-TYPO3_7-0, dev-TYPO3_7-3, dev-TYPO3_7-6, dev-TYPO3_8-1, dev-TYPO3_8-0, dev-TYPO3_8-2, dev-TYPO3_8-3 (Show all) | Patch → NO_SAFE_VERSION |
CVE-2011-4627 | TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows Information Disclosure on the backend. | dev-TYPO3_6-2, dev-TYPO3_7-0, dev-TYPO3_7-3, dev-TYPO3_7-6, dev-TYPO3_8-1, dev-TYPO3_8-0, dev-TYPO3_8-2, dev-TYPO3_8-3 (Show all) | Patch → NO_SAFE_VERSION |
CVE-2010-1022 | The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) extension before 0.2.13 for TYPO3 allows remote attackers to bypass authentication via unspecified vectors. | dev-TYPO3_6-2, dev-TYPO3_7-0, dev-TYPO3_7-3, dev-TYPO3_7-6, dev-TYPO3_8-1, dev-TYPO3_8-0, dev-TYPO3_8-2, dev-TYPO3_8-3 (Show all) | Patch → NO_SAFE_VERSION |
Instantly see if these typo3/cms
vulnerabilities affect your code.