TYPO3/typo3
CVE History
| CVE | Affected | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|---|
| — | — | — | ||
Backend users with file download permissions were able to download files from the fallback storage of the file abstraction layer (FAL) via the Media Module. Since the fallback storage resolves paths relative to the server's document root, this could expose sensitive files such as log files. This issue affects TYPO3 CMS versions 11.0.0-11.5.50, 12.0.0-12.4.45, 13.0.0-13.4.30 and 14.0.0-14.3.2. | ||||
| — | — | — | ||
Backend users with write access to the form_definition database table were able to directly create, update, or delete form definition records via DataHandler, bypassing the Form Framework's persistence validation and permission checks. This allowed injecting arbitrary form configurations, re-enabling attack vectors originally addressed in TYPO3-CORE-SA-2018-003, including SQL injection and privilege escalation. This issue affects TYPO3 CMS versions 14.0.0-14.3.3. | ||||
| — | — | — | ||
TYPO3's cache frontend (VariableFrontend) and persistent key-value store (Registry) deserialized PHP payloads without integrity validation or class restrictions. An attacker with write access to the underlying storage backend (cache store or sys_registry database table) could inject a crafted serialized payload to trigger PHP Object Injection, potentially exploiting a gadget chain to achieve Remote Code Execution or other high-impact effects. Exploiting this vulnerability requires direct local write access to the storage, such as the SQL database or file system. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31 and 14.0.0-14.3.3. | ||||
| — | — | — | ||
The path allowance check in GeneralUtility::isAllowedAbsPath() performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/secret.yaml to be incorrectly accepted as valid when the project root was /var/www/html. Administrator users with access to the File Abstraction Layer were able to create new file storage definitions pointing to directories outside the project root, bypassing this path check. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31 and 14.0.0-14.3.3. | ||||
| — | — | — | ||
Authenticated backend users were able to retrieve file metadata via several Backend API routes without proper permission checks, allowing access to files outside their permitted file mounts or storages. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31 and 14.0.0-14.3.3. | ||||
| — | — | — | ||
Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, which allowed users to gather information about records and files they were not authorized to view. This issue affects TYPO3 CMS versions 10.4.0-13.4.30 and 14.0.0-14.3.2. | ||||
| — | — | — | ||
Backend users were able to move records to a different page without having edit permissions on the source page. This issue affects TYPO3 CMS versions 13.0.0-13.4.31 and 14.0.0-14.3.3. | ||||
| — | — | — | ||
Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31 and 14.0.0-14.3.3. | ||||
| — | — | — | ||
Editors with access to create or modify page content were able to include HTML markup in page titles that were stored in the search index without sanitization. When displayed in frontend search results via the Indexed Search plugin, these titles were rendered without proper output encoding, resulting in a Cross-Site Scripting vulnerability. This issue affects TYPO3 CMS versions 13.0.0-13.4.30 and 14.0.0-14.3.2. | ||||
| — | — | — | ||
Applications that use GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to open redirect attacks if the URL is used after it has passed the aforementioned sanitization checks. This enables attackers to redirect users to external content and carry out phishing attacks. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.50, 12.0.0-12.4.45, 13.0.0-13.4.30 and 14.0.0-14.3.2. | ||||
| — | — | — | ||
Backend users with file write permissions were able to upload form definition files with mixed-case extensions (e.g., .FORM.YAML) to bypass the Form Framework's upload restriction. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers to escalate privileges by creating administrative backend user accounts. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.50, 12.0.0-12.4.45, 13.0.0-13.4.30 and 14.0.0-14.3.2. | ||||
| — | — | — | ||
Non-privileged backend users with file mount access were able to perform write operations (move, delete, rename) on folders representing the root of an active file mount due to missing authorization restrictions. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0 through 11.5.50, 12.0.0 through 12.4.45, 13.0.0 through 13.4.30, and 14.0.0 through 14.3.2. | ||||
| — | — | — | ||
Backend users with access to the Form Framework were able to use files not ending in .form.yaml as form definitions, which were processed without denying the incorrect file extension. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers to escalate privileges by creating administrative backend user accounts. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31 and 14.0.0-14.3.3. | ||||
| = 14.2.0 | 7.5 HIGH | — | ||
Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database table. This issue affects TYPO3 CMS version 14.2.0. | ||||
| >= 10.0.0, < 10.4.55, >= 11.0.0, < 11.5.49, >= 12.0.0, < 12.4.41, >= 13.0.0, < 13.4.23, >= 14.0.0, < 14.0.2 | 7.8 HIGH | — | ||
TYPO3's mail‑file spool deserialization flaw lets local users with write access to the spool directory craft a malicious file that is deserialized during the mailer:spool:send command, enabling arbitrary PHP code execution on the web server. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1. | ||||
| >= 10.0.0, < 10.4.55, >= 11.0.0, < 11.5.49, >= 12.0.0, < 12.4.41, >= 13.0.0, < 13.4.23, >= 14.0.0, < 14.0.2 | 8.1 HIGH | — | ||
Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regardless of whether they had permission to that particular table. This allowed attackers to purge and destroy critical site data, effectively rendering the website unavailable. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1. | ||||
| >= 10.0.0, < 10.4.55, >= 11.0.0, < 11.5.49, >= 12.0.0, < 12.4.41, >= 13.0.0, < 13.4.23, >= 14.0.0, < 14.0.2 | 6.4 MEDIUM | — | ||
Backend users with access to the redirects module and write permission on the sys_redirect table were able to read, create, and modify any redirect record without restriction to the user’s own file-mounts or web-mounts. This allowed attackers to insert or alter redirects pointing to arbitrary URLs – facilitating phishing or other malicious redirect attacks. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1. | ||||
| >= 10.0.0, < 10.4.55, >= 11.0.0, < 11.5.49, >= 12.0.0, < 12.4.41, >= 13.0.0, < 13.4.23, >= 14.0.0, < 14.0.2 | 6.5 MEDIUM | — | ||
By exploiting the defVals parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a reduced set of fields. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1. | ||||
| >= 11.0.0, < 11.5.48, >= 12.0.0, < 12.4.37, >= 13.0.0, < 13.4.18 | 4.3 MEDIUM | — | ||
Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to disclose information from arbitrary database tables stored within the users' web mounts without having access to them. | ||||
| >= 9.0.0, < 9.5.55, >= 10.0.0, < 10.4.54, >= 11.0.0, < 11.5.48, >= 12.0.0, < 12.4.37, >= 13.0.0, < 13.4.18 | 6.5 MEDIUM | — | ||
Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke the corresponding AJAX backend route to disclose sensitive information without having access. | ||||
| >= 9.0.0, < 9.5.55, >= 10.0.0, < 10.4.54, >= 11.0.0, < 11.5.48, >= 12.0.0, < 12.4.37, >= 13.0.0, < 13.4.18 | 8.8 HIGH | — | ||
Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules. | ||||
| >= 9.0.0, < 9.5.55, >= 10.0.0, <= 10.4.54, >= 11.0.0, <= 11.5.48, >= 12.0.0, <= 12.4.37, >= 13.0.0, <= 13.4.18 | 4.3 MEDIUM | — | ||
Error messages containing sensitive information in the File Abstraction Layer in TYPO3 CMS versions 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allow backend users to disclose full file paths via failed low-level file-system operations. | ||||
| >= 12.0.0, < 12.4.37, >= 13.0.0, < 13.4.18 | 6.5 MEDIUM | — | ||
A deterministic three‑character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0–12.4.36 and 13.0.0–13.4.17 reduces entropy, allowing attackers to carry out brute‑force attacks more quickly. | ||||
| >= 11.0.0, < 11.5.48, >= 12.0.0, < 12.4.37, >= 13.0.0, < 13.4.18 | 2.7 LOW | — | ||
An uncaught exception in the Bookmark Toolbar of TYPO3 CMS versions 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 lets administrator‑level backend users trigger a denial‑of‑service condition in the backend user interface by saving manipulated data in the bookmark toolbar. | ||||
| >= 9.0.0, < 9.5.55, >= 10.0.0, < 10.4.54, >= 11.0.0, < 11.5.48, >= 12.0.0, < 12.4.37, >= 13.0.0, < 13.4.18 | 6.1 MEDIUM | — | ||
An open‑redirect vulnerability in GeneralUtility::sanitizeLocalUrl of TYPO3 CMS 9.0.0–9.5.54, 10.0.0–10.4.53, 11.0.0–11.5.47, 12.0.0–12.4.36, and 13.0.0–13.4.17 allows an attacker to redirect users to arbitrary external sites, enabling phishing attacks by supplying a manipulated, sanitized URL. | ||||
| <= 6.4.1, >= 7.0.0, <= 7.5.2, >= 8.0.0, <= 8.3.0 | 6.5 MEDIUM | — | ||
The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0 | ||||
| >= 12.0.0, < 12.4.31, >= 13.0.0, < 13.4.12 | 7.2 HIGH | — | ||
TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.2 LTS, the multifactor authentication (MFA) dialog presented during backend login can be bypassed due to insufficient enforcement of access restrictions on all backend routes. Successful exploitation requires valid backend user credentials, as MFA can only be bypassed after successful authentication. Users should update to TYPO3 version 12.4.31 LTS or 13.4.12 LTS to fix the problem. | ||||
| >= 10.4.0, < 10.4.50, >= 11.0.0, < 11.5.44, >= 12.0.0, < 12.4.31, >= 13.0.0, < 13.4.12 | 7.2 HIGH | — | ||
TYPO3 is an open source, PHP based web content management system. Starting in version 10.0.0 and prior to versions 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, administrator-level backend users without system maintainer privileges can escalate their privileges and gain system maintainer access. Exploiting this vulnerability requires a valid administrator account. Users should update to TYPO3 version 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, or 13.4.12 LTS to fix the problem. | ||||
| >= 9.0.0, < 9.5.51, >= 10.0.0, < 10.4.50, >= 11.0.0, < 11.5.44, >= 12.0.0, < 12.4.31, >= 13.0.0, < 13.4.12 | 5.4 MEDIUM | — | ||
TYPO3 is an open source, PHP based web content management system. By design, the file management module in TYPO3’s backend user interface has historically allowed the upload of any file type, with the exception of those that are directly executable in a web server context. This lack of restriction means it is possible to upload files that may be considered potentially harmful, such as executable binaries (e.g., `.exe` files), or files with inconsistent file extensions and MIME types (for example, a file incorrectly named with a `.png` extension but actually carrying the MIME type `application/zip`) starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS. Although such files are not directly executable through the web server, their presence can introduce indirect risks. For example, third-party services such as antivirus scanners or malware detection systems might flag or block access to the website for end users if suspicious files are found. This could negatively affect the availability or reputation of the site. Users should update to TYPO3 version 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, or 13.4.12 LTS to fix the problem. | ||||
| >= 9.0.0, < 9.5.51, >= 10.0.0, < 10.4.50, >= 11.0.0, < 11.5.44, >= 12.0.0, < 12.4.31, >= 13.0.0, < 13.4.12 | 3.8 LOW | — | ||
TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, the backend user management interface allows password changes without requiring the current password. When an administrator updates their own account or modifies other user accounts via the admin interface, the current password is not requested for verification. This behavior may lower the protection against unauthorized access in scenarios where an admin session is hijacked or left unattended, as it enables password changes without additional authentication. Users should update to TYPO3 version 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, or 13.4.12 LTS to fix the problem. | ||||
| >= 9.0.0, < 9.5.51, >= 10.0.0, < 10.4.50, >= 11.0.0, < 11.5.44, >= 12.0.0, < 12.4.31, >= 13.0.0, < 13.4.12 | 3.7 LOW | — | ||
TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, when performing a database query involving multiple tables through the database abstraction layer (DBAL), frontend user permissions are only applied via `FrontendGroupRestriction` to the first table. As a result, data from additional tables included in the same query may be unintentionally exposed to unauthorized users. Users should update to TYPO3 version 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, or 13.4.12 LTS to fix the problem. | ||||
| >= 12.0.0, < 12.4.31, >= 13.0.0, < 13.4.12 | 3.3 LOW | — | ||
TYPO3 is an open source, PHP based web content management system. In versions on the 12.x branch prior to 12.4.31 LTS and the 13.x branch prior to 13.4.2 LTS, Webhooks are inherently vulnerable to Cross-Site Request Forgery (CSRF), which can be exploited by adversaries to target internal resources (e.g., localhost or other services on the local network). While this is not a vulnerability in TYPO3 itself, it may enable attackers to blindly access systems that would otherwise be inaccessible. An administrator-level backend user account is required to exploit this vulnerability. Users should update to TYPO3 version 12.4.31 LTS or 13.4.12 LTS to fix the problem. | ||||
| >= 11.0.0, < 11.5.42 | 4.3 MEDIUM | — | ||
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to `lax` or `none`. The vulnerability in the affected downstream component “DB Check Module” allows attackers to manipulate data through unauthorized actions. Users are advised to update to TYPO3 versions 11.5.42 ELTS which fixes the problem described. There are no known workarounds for this issue. | ||||
| >= 11.0.0, < 11.5.42 | 8 HIGH | — | ||
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component “Scheduler Module” allows attackers to trigger pre-defined command classes - which can lead to unauthorized import or export of data in the worst case. Users are advised to update to TYPO3 versions 11.5.42 ELTS which fixes the problem described. There are no known workarounds for this vulnerability. | ||||
| >= 10.0.0, < 10.4.48, >= 11.0.0, < 11.5.42, >= 12.0.0, < 12.4.25, >= 13.0.0, < 13.4.3 | 4.3 MEDIUM | — | ||
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component “Indexed Search Module” allows attackers to delete items of the component. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described. There are no known workarounds for this issue. | ||||
| >= 10.0.0, < 10.4.48, >= 11.0.0, < 11.5.42, >= 12.0.0, < 12.4.25, >= 13.0.0, < 13.4.3 | 5.4 MEDIUM | — | ||
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none The vulnerability in the affected downstream component “Form Framework Module” allows attackers to manipulate or delete persisted form definitions. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described. There are no known workarounds for this vulnerability. | ||||
| >= 10.0.0, < 10.4.48, >= 11.0.0, < 11.5.42, >= 12.0.0, < 12.4.25, >= 13.0.0, < 13.4.3 | 4.3 MEDIUM | — | ||
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component “Backend User Module” allows attackers to initiate password resets for other backend users or to terminate their user sessions. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described. | ||||
| >= 10.0.0, < 10.4.48, >= 11.0.0, < 11.5.42, >= 12.0.0, < 12.4.25, >= 13.0.0, < 13.4.3 | 4.3 MEDIUM | — | ||
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component “Dashboard Module” allows attackers to manipulate the victim’s dashboard configuration. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described. There are no known workarounds for this vulnerability. | ||||
| >= 10.0.0, < 10.4.48, >= 11.0.0, < 11.5.42, >= 12.0.0, < 12.4.25, >= 13.0.0, < 13.4.3 | 7.5 HIGH | — | ||
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component “Extension Manager Module” allows attackers to retrieve and install 3rd party extensions from the TYPO3 Extension Repository - which can lead to remote code execution in the worst case. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described. | ||||
| >= 10.0.0, < 10.4.48, >= 11.0.0, < 11.5.42, >= 12.0.0, < 12.4.25, >= 13.0.0, < 13.4.3 | 4.3 MEDIUM | — | ||
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component “Log Module” allows attackers to remove log entries. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described. There are no known workarounds for this vulnerability. | ||||
| >= 9.0.0, < 9.5.49, >= 10.0.0, < 10.4.48, >= 11.0.0, < 11.5.42, >= 12.0.0, < 12.4.25, >= 13.0.0, < 13.4.3 | 4.8 MEDIUM | — | ||
TYPO3 is a free and open source Content Management Framework. Applications that use `TYPO3\CMS\Core\Http\Uri` to parse externally provided URLs (e.g., via a query parameter) and validate the host of the parsed URL may be vulnerable to open redirect or SSRF attacks if the URL is used after passing the validation checks. Users are advised to update to TYPO3 versions 9.5.49 ELTS, 10.4.48 ELTS, 11.5.42 LTS, 12.4.25 LTS, 13.4.3 which fix the problem described. There are no known workarounds for this vulnerability. | ||||
| = 13.4.2 | 3.1 LOW | — | ||
TYPO3 is a free and open source Content Management Framework. It has been discovered that the install tool password has been logged as plaintext in case the password hashing mechanism used for the password was incorrect. Users are advised to update to TYPO3 versions 13.4.3 ELTS which fixes the problem described. There are no known workarounds for this vulnerability. | ||||
| >= 10.0.0, < 10.4.46, >= 11.0.0, < 11.5.40, >= 12.0.0, < 12.4.21, >= 13.0.0, < 13.3.1 | 4.9 MEDIUM | — | ||
TYPO3 before 13.3.1 allows denial of service (interface error) in the Bookmark Toolbar (ext:backend), exploitable by an administrator-level backend user account via manipulated data saved in the bookmark toolbar of the backend user interface. The fixed versions are 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, and 13.3.1. | ||||
| >= 10.0.0, < 10.4.46, >= 11.0.0, < 11.5.40, >= 12.0.0, < 12.4.21, >= 13.0.0, < 13.3.1 | 3.1 LOW | — | ||
TYPO3 is a free and open source Content Management Framework. Backend users could see items in the backend page tree without having access if the mounts pointed to pages restricted for their user/group, or if no mounts were configured but the pages allowed access to "everybody." However, affected users could not manipulate these pages. Users are advised to update to TYPO3 versions 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, 13.3.1 that fix the problem described. There are no known workarounds for this vulnerability. | ||||
| >= 9.0.0, < 9.5.48, >= 10.0.0, < 10.4.45, >= 11.0.0, < 11.5.37, >= 12.0.0, < 12.4.15, >= 13.0.0, < 13.1.1 | 5.3 MEDIUM | — | ||
TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the `ShowImageController` (`_eID tx_cms_showpic_`) lacks a cryptographic HMAC-signature on the `frame` HTTP query parameter (e.g. `/index.php?eID=tx_cms_showpic?file=3&...&frame=12345`). This allows adversaries to instruct the system to produce an arbitrary number of thumbnail images on the server side. TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, 13.1.1 fix the problem described. | ||||
| >= 9.0.0, < 9.5.48, >= 10.0.0, < 10.4.45, >= 11.0.0, < 11.5.37, >= 12.0.0, < 12.4.15, >= 13.0.0, < 13.1.1 | 5.4 MEDIUM | — | ||
TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, failing to properly encode user-controlled values in file entities, the `ShowImageController` (`_eID tx_cms_showpic_`) is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user account with access to file entities. TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, 13.1.1 fix the problem described. | ||||
| >= 13.0.0, < 13.1.1 | 3.5 LOW | — | ||
TYPO3 is an enterprise content management system. Starting in version 13.0.0 and prior to version 13.1.1, the history backend module is vulnerable to HTML injection. Although Content-Security-Policy headers effectively prevent JavaScript execution, adversaries can still inject malicious HTML markup. Exploiting this vulnerability requires a valid backend user account. TYPO3 version 13.1.1 fixes the problem described. | ||||
| >= 9.0.0, < 9.5.48, >= 10.0.0, < 10.4.45, >= 11.0.0, < 11.5.37, >= 12.0.0, < 12.4.15, >= 13.0.0, < 13.1.1 | 5.4 MEDIUM | — | ||
TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the form manager backend module is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user account with access to the form module. TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1 fix the problem described. | ||||
| >= 8.0.0, < 8.7.57, >= 9.0.0, < 9.5.46, >= 10.0.0, < 10.4.43, >= 11.0.0, < 11.5.35, >= 12.0.0, < 12.4.11, = 13.0.0 | 7.2 HIGH | — | ||
TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execute arbitrary shell commands (with the privileges of the web server) via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, and 13.0.1. | ||||
| = 13.0.0, >= 8.0.0, < 8.7.57, >= 9.0.0, < 9.5.46, >= 10.0.0, < 10.4.43, >= 11.0.0, < 11.5.35, >= 12.0.0, < 12.4.11 | 7.1 HIGH | — | ||
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions of TYPO3 entities of the File Abstraction Layer (FAL) could be persisted directly via `DataHandler`. This allowed attackers to reference files in the fallback storage directly and retrieve their file names and contents. The fallback storage ("zero-storage") is used as a backward compatibility layer for files located outside properly configured file storages and within the public web root directory. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 version 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, or 13.0.1 which fix the problem described. When persisting entities of the File Abstraction Layer directly via DataHandler, `sys_file` entities are now denied by default, and `sys_file_reference` & `sys_file_metadata` entities are not permitted to reference files in the fallback storage anymore. When importing data from secure origins, this must be explicitly enabled in the corresponding DataHandler instance by using `$dataHandler->isImporting = true;`. | ||||
| = 13.0.0, >= 8.0.0, < 8.7.57, >= 9.0.0, < 9.5.46, >= 10.0.0, < 10.4.43, >= 11.0.0, < 11.5.35, >= 12.0.0, < 12.4.11 | 4.3 MEDIUM | — | ||
TYPO3 is an open source PHP based web content management system released under the GNU GPL. The TYPO3-specific `t3://` URI scheme could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records (although only if a valid link-handling configuration was provided). Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue. | ||||
| = 13.0.0, >= 8.0.0, < 8.7.57, >= 9.0.0, < 9.5.46, >= 10.0.0, < 10.4.43, >= 11.0.0, < 11.5.35, >= 12.0.0, < 12.4.11 | 4.9 MEDIUM | — | ||
TYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of `$GLOBALS['SYS']['encryptionKey']` was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes used for verifying the authenticity of HTTP request parameters. Exploiting this vulnerability requires an administrator-level backend user account with system maintainer permissions. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this vulnerability. | ||||
| = 13.0.0, >= 8.0.0, < 8.7.57, >= 9.0.0, < 9.5.46, >= 10.0.0, < 10.4.43, >= 11.0.0, < 11.5.35, >= 12.0.0, < 12.4.11 | 4.3 MEDIUM | — | ||
TYPO3 is an open source PHP based web content management system released under the GNU GPL. Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue. | ||||
| = 11.5.24 | 4.9 MEDIUM | — | ||
In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF]. | ||||
| >= 12.0.0, < 12.4.8, >= 11.0.0, < 11.5.33, >= 10.0.0, < 10.4.41, >= 9.0.0, < 9.5.44, >= 8.0.0, < 8.7.55 | 4.2 MEDIUM | — | ||
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In typo3 installations there are always at least two different sites. Eg. first.example.org and second.example.com. In affected versions a session cookie generated for the first site can be reused on the second site without requiring additional authentication. This vulnerability has been addressed in versions 8.7.55, 9.5.44, 10.4.41, 11.5.33, and 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| >= 12.2.0, < 12.4.8 | 3.7 LOW | — | ||
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory (e.g. /var/www/html/var/transient/). This applies to composer-based scenarios only - “classic” non-composer installations are not affected. This issue has been addressed in version 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| >= 10.4.19, < 10.4.41, >= 9.5.29, < 9.5.44, >= 8.7.42, < 8.7.55, >= 12.0.0, < 12.4.8, >= 11.3.2, < 11.5.33 | 4.7 MEDIUM | — | ||
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versions 1.5.3 and 2.1.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| >= 12.0.0, < 12.4.4, >= 11.0.0, < 11.5.30, >= 10.0.0, < 10.4.39, >= 9.4.0, < 9.5.42 | 3.7 LOW | — | ||
TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters `id` and `L` allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site by adding handcrafted query parameters to the URL of a site that was publicly available. TYPO3 versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, 12.4.4 fix the problem. | ||||
| — | 6.1 MEDIUM | — | ||
ckeditor-wordcount-plugin is an open source WordCount Plugin for CKEditor. It has been discovered that the `ckeditor-wordcount-plugin` plugin for CKEditor4 is susceptible to cross-site scripting when switching to the source code mode. This issue has been addressed in version 1.17.12 of the `ckeditor-wordcount-plugin` plugin and users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| >= 12.0.0, < 12.2.0, >= 11.0.0, < 11.5.23, >= 10.0.0, < 10.4.36, >= 9.0.0, < 9.5.40, >= 8.7.0, < 9.7.51 | 8.8 HIGH | — | ||
TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component `GeneralUtility::getIndpEnv()` uses the unfiltered server environment variable `PATH_INFO`, which allows attackers to inject malicious content. In combination with the TypoScript setting `config.absRefPrefix=auto`, attackers can inject malicious HTML code to pages that have not been rendered and cached, yet. As a result, injected values would be cached and delivered to other website visitors (persisted cross-site scripting). Individual code which relies on the resolved value of `GeneralUtility::getIndpEnv('SCRIPT_NAME')` and corresponding usages (as shown below) are vulnerable as well. Additional investigations confirmed that at least Apache web server deployments using CGI (FPM, FCGI/FastCGI, and similar) are affected. However, there still might be the risk that other scenarios like nginx, IIS, or Apache/mod_php are vulnerable. The usage of server environment variable `PATH_INFO` has been removed from corresponding processings in `GeneralUtility::getIndpEnv()`. Besides that, the public property `TypoScriptFrontendController::$absRefPrefix` is encoded for both being used as a URI component and for being used as a prefix in an HTML context. This mitigates the cross-site scripting vulnerability. Users are advised to update to TYPO3 versions 8.7.51 ELTS, 9.5.40 ELTS, 10.4.35 LTS, 11.5.23 LTS and 12.2.0 which fix this problem. For users who are unable to patch in a timely manner the TypoScript setting `config.absRefPrefix` should at least be set to a static path value, instead of using auto - e.g. `config.absRefPrefix=/`. This workaround **does not fix all aspects of the vulnerability**, and is just considered to be an intermediate mitigation to the most prominent manifestation. | ||||
| >= 11.0.0, < 11.5.20, >= 10.0.0, < 10.4.33, >= 9.0.0, < 9.5.38, >= 12.0.0, < 12.1.1 | 5.7 MEDIUM | — | ||
TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors. A valid backend user account having administrator privileges is needed to exploit this vulnerability. This issue has been patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1. | ||||
| >= 11.0.0, < 11.5.20, >= 10.0.0, < 10.4.33, >= 9.0.0, < 9.5.38, >= 12.0.0, < 12.1.1, < 8.7.49 | 5.9 MEDIUM | — | ||
TYPO3 is an open source PHP based web content management system. In versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 is vulnerable to Improper Authentication. Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A potential attacker might use this ambiguity in usernames to get access to a different account - however, credentials must be known to the adversary. This issue is patched in versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1. | ||||
| >= 11.0.0, < 11.5.20, >= 10.0.0, < 10.4.33, >= 12.0.0, < 12.1.1 | 5.4 MEDIUM | — | ||
TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both frontend user sessions and backend user sessions. This issue is patched in versions 10.4.33, 11.5.20, 12.1.1. | ||||
| >= 11.0.0, < 11.5.20, >= 10.0.0, < 10.4.33, >= 9.0.0, < 9.5.38, >= 12.0.0, < 12.1.1, >= 8.0.0, < 8.7.49 | 7.5 HIGH | — | ||
TYPO3 is an open source PHP based web content management system. Versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are vulnerable to Code Injection. Due to the lack of separating user-submitted data from the internal configuration in the Form Designer backend module, it is possible to inject code instructions to be processed and executed via TypoScript as PHP code. The existence of individual TypoScript instructions for a particular form item and a valid backend user account with access to the form module are needed to exploit this vulnerability. This issue is patched in versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1. | ||||
| >= 11.0.0, < 11.5.20, >= 10.0.0, < 10.4.33, >= 9.0.0, < 9.5.38 | 5.9 MEDIUM | — | ||
TYPO3 is an open source PHP based web content management system. In versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1, requesting invalid or non-existing resources via HTTP triggers the page error handler, which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This vulnerability is very similar, but not identical, to the one described in CVE-2021-21359. This issue is patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20 or 12.1.1. | ||||
| >= 10.0.0, <= 10.4.31, >= 11.0.0, <= 11.5.15 | 6.5 MEDIUM | — | ||
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `f:asset.css` view helper is vulnerable to cross-site scripting when user input is passed as variables to the CSS. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue. | ||||
| >= 10.0.0, <= 10.4.31, >= 11.0.0, <= 11.5.15, >= 7.0.0, <= 7.6.57, >= 8.0.0, <= 8.7.47, >= 9.0.0, <= 9.5.36 | 6.5 MEDIUM | — | ||
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the `FileDumpController` (backend and frontend context) is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account is needed to exploit this vulnerability. Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue. | ||||
| >= 10.0.0, <= 10.4.31, >= 11.0.0, <= 11.5.15 | 5.4 MEDIUM | — | ||
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password reset link could be used to perform a password reset even if the default expiry time of two hours has been exceeded. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue. | ||||
| >= 10.0.0, <= 10.4.31, >= 11.0.0, <= 11.5.15, >= 7.0.0, <= 7.6.57, >= 8.0.0, <= 8.7.47, >= 9.0.0, <= 9.5.36 | 5.3 MEDIUM | — | ||
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd party TYPO3 extensions providing a custom authentication service should check if the extension is affected by the described problem. Affected extensions must implement new `MimicServiceInterface::mimicAuthUser`, which simulates corresponding times regular processing would usually take. Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix this problem. There are no known workarounds for this issue. | ||||
| >= 11.4.0, <= 11.5.15 | 5.9 MEDIUM | — | ||
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. Users are advised to update to TYPO3 version 11.5.16 to resolve this issue. There are no known workarounds for this issue. | ||||
| >= 11.0.0, < 11.5.11, >= 10.0.0, < 10.4.29, >= 8.0.0, < 8.7.47, >= 9.0.0, < 9.5.35, >= 7.0.0, < 7.6.57 | 5.3 MEDIUM | 4 MEDIUM | ||
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contain a fix for the problem. | ||||
| >= 11.0.0, < 11.5.11, >= 10.0.0, < 10.4.29, >= 8.0.0, < 8.7.47, >= 9.0.0, < 9.5.35 | 5.4 MEDIUM | 3.5 LOW | ||
TYPO3 is an open source web content management system. Prior to versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. TYPO3 versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem. | ||||
| >= 11.0.0, < 11.5.11, >= 10.0.0, < 10.4.29, >= 9.0.0, < 9.5.35 | 5.4 MEDIUM | 3.5 LOW | ||
TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, user submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were mail clients used to view those messages. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem. | ||||
| >= 11.0.0, < 11.5.11, >= 10.0.0, < 10.4.29, >= 9.0.0, < 9.5.35 | 6 MEDIUM | 6.5 MEDIUM | ||
TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, Admin Tool sessions initiated via the TYPO3 backend user interface had not been revoked even if the corresponding user account was degraded to lower permissions or disabled completely. This way, sessions in the admin tool theoretically could have been prolonged without any limit. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem. | ||||
| >= 11.0.0, < 11.5.11, >= 10.0.0, < 10.4.29, >= 8.0.0, < 8.7.47, >= 9.0.0, < 9.5.35, >= 7.0.0, < 7.6.57 | 4.3 MEDIUM | 4 MEDIUM | ||
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details of database tables they already have access to. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 fix the problem described above. In order to address this issue, access to mentioned export functionality is completely denied for regular backend users. | ||||
| >= 11.2.0, < 11.5.0 | 8.8 HIGH | 6.8 MEDIUM | ||
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the new TYPO3 v11 feature that allows users to create and share deep links in the backend user interface is vulnerable to cross-site-request-forgery. The impact is the same as described in TYPO3-CORE-SA-2020-006 (CVE-2020-11069). However, it is not limited to the same site context and does not require the attacker to be authenticated. In a worst case scenario, the attacker could create a new admin user account to compromise the system. To successfully carry out an attack, an attacker must trick his victim to access a compromised system. The victim must have an active session in the TYPO3 backend at that time. The following Same-Site cookie settings in $GLOBALS[TYPO3_CONF_VARS][BE][cookieSameSite] are required for an attack to be successful: SameSite=strict: malicious evil.example.org invoking TYPO3 application at good.example.org and SameSite=lax or none: malicious evil.com invoking TYPO3 application at example.org. Update your instance to TYPO3 version 11.5.0 which addresses the problem described. | ||||
| >= 11.0.0, < 11.5.0 | 4.8 MEDIUM | 5 MEDIUM | ||
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate absolute URLs during the frontend rendering process. Since the host header itself is provided by the client, it can be forged to any value, even in a name-based virtual hosts environment. This vulnerability is the same as described in TYPO3-CORE-SA-2014-001 (CVE-2014-3941). A regression, introduced during TYPO3 v11 development, led to this situation. The already existing setting $GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern'] (used as an effective mitigation strategy in previous TYPO3 versions) was not evaluated anymore, and reintroduced the vulnerability. | ||||
| >= 9.0.0, <= 9.5.28, >= 11.0.0, <= 11.3.1, >= 10.0.0, <= 10.4.18, >= 7.0.0, <= 7.6.52, >= 8.0.0, <= 8.7.41 | 6.1 MEDIUM | 4.3 MEDIUM | ||
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality HTMLparser does not consider all potentially malicious HTML tag & attribute combinations per default. In default scenarios, a valid backend user account is needed to exploit this vulnerability. In case custom plugins used in the website frontend accept and reflect rich-text content submitted by users, no authentication is required. Update to TYPO3 versions 7.6.53 ELTS, 8.7.42 ELTS, 9.5.29, 10.4.19, 11.3.2 that fix the problem described. | ||||
| >= 10.0.0, <= 10.4.17, >= 11.0.0, <= 11.3.0, >= 8.0.0, <= 8.7.40, >= 7.0.0, <= 7.6.51, >= 9.0.0, <= 9.5.27 | 5.3 MEDIUM | 3.5 LOW | ||
TYPO3 is an open source PHP based web content management system. In versions 9.0.0 through 9.5.27, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0, user credentials may been logged as plain-text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3 versions 9.5.28, 10.4.18, 11.3.1 contain a patch for this vulnerability. | ||||
| >= 10.0.0, <= 10.4.17, >= 9.0.0, <= 9.5.28, >= 11.0.0, <= 11.3.0, >= 8.0.0, <= 8.7.40 | 6.4 MEDIUM | 3.5 LOW | ||
TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When settings for _backend layouts_ are not properly encoded, the corresponding grid view is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this vulnerability. | ||||
| >= 10.0.0, <= 10.4.17, >= 9.0.0, <= 9.5.28, >= 11.0.0, <= 11.3.0, >= 8.0.0, <= 8.7.40 | 6.4 MEDIUM | 3.5 LOW | ||
TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When error messages are not properly encoded, the components _QueryGenerator_ and _QueryView_ are vulnerable to both reflected and persistent cross-site scripting. A valid backend user account having administrator privileges is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this issue. | ||||
| >= 10.0.0, <= 10.4.17, >= 11.0.0, <= 11.3.0, >= 9.0.0, <= 9.5.287 | 6.4 MEDIUM | 3.5 LOW | ||
TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When _Page TSconfig_ settings are not properly encoded, corresponding page preview module (_Web>View_) is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this issue. | ||||
| >= 11.0.0, < 11.0.3, >= 10.0.0, < 10.0.10, >= 9.1.0, < 9.1.3, >= 9.0.0, < 9.0.4, < 7.1.2, >= 8.0.0, < 8.0.8 | 5.4 MEDIUM | 3.5 LOW | ||
Bootstrap Package is a theme for TYPO3. It has been discovered that rendering content in the website frontend is vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. Users of the extension, who have overwritten the affected templates with custom code must manually apply the security fix. Update to version 7.1.2, 8.0.8, 9.1.4, 10.0.10 or 11.0.3 of the Bootstrap Package that fix the problem described. Updated version are available from the TYPO3 extension manager, Packagist and at https://extensions.typo3.org/extension/download/bootstrap_package/. | ||||
| >= 11.0.0, < 11.1.1, >= 10.2.0, < 10.4.14 | 5.4 MEDIUM | 3.5 LOW | ||
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1. | ||||
| >= 11.0.0, < 11.1.1, >= 10.0.0, < 10.4.14, >= 9.0.0, < 9.5.25, >= 8.0.0, < 8.7.40, >= 7.0.0, < 7.6.51, >= 6.2.0, < 6.2.57 | 5.9 MEDIUM | 5 MEDIUM | ||
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 user session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1. | ||||
| >= 11.0.0, < 11.1.1, >= 10.0.0, < 10.4.14, >= 9.0.0, < 9.5.25 | 5.9 MEDIUM | 5 MEDIUM | ||
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This is fixed in versions 9.5.25, 10.4.14, 11.1.1. | ||||
| >= 11.0.0, < 11.1.1, >= 10.0.0, < 10.4.14, >= 9.0.0, < 9.5.25, >= 8.0.0, < 8.7.40, >= 7.0.0, < 7.6.51, >= 6.2.0, < 6.2.57 | 4.7 MEDIUM | 5.8 MEDIUM | ||
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1. | ||||
| >= 11.0.0, < 11.1.1, >= 10.0.0, < 10.4.14, >= 9.0.0, < 9.5.25, >= 8.0.0, < 8.7.40 | 8.3 HIGH | 6.5 MEDIUM | ||
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1. | ||||
| >= 11.0.0, < 11.1.1, >= 10.0.0, < 10.4.14, >= 9.0.0, < 9.5.25, >= 8.0.0, < 8.7.40 | 8.6 HIGH | 7.5 HIGH | ||
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, _UploadedFileReferenceConverter_ transforming uploaded files into proper FileReference domain model objects handles possible file uploads for other extensions as well - given those extensions use the Extbase MVC framework, make use of FileReference items in their direct or inherited domain model definitions and did not implement their own type converter. In case this scenario applies, _UploadedFileReferenceConverter_ accepts any file mime-type and persists files in the default location. In any way, uploaded files are placed in the default location _/fileadmin/user_upload/_, in most scenarios keeping the submitted filename - which allows attackers to directly reference files, or even correctly guess filenames used by other individuals, disclosing this information. No authentication is required to exploit this vulnerability. This is fixed in versions 8.7.40, 9.5.25, 10.4.14, 11.1.1. | ||||
| >= 11.0.0, < 11.1.1, >= 10.0.0, < 10.4.14 | 5.4 MEDIUM | 3.5 LOW | ||
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that database fields used as _descriptionColumn_ are vulnerable to cross-site scripting when their content gets previewed. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1 . | ||||
| >= 11.0.0, < 11.1.1, >= 10.0.0, < 10.4.14, >= 9.0.0, < 9.5.25, >= 8.0.0, < 8.7.40, >= 7.0.0, < 7.6.51 | 5.4 MEDIUM | 3.5 LOW | ||
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1. | ||||
| >= 10.0.0, < 10.4.10 | 3.7 LOW | 3.6 LOW | ||
TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerability is reasonable, but is theoretical - it was not possible to actually reproduce the vulnerability with current PHP versions of supported and maintained system distributions. At least with libxml2 version 2.9, the processing of XML external entities is disabled per default - and cannot be exploited. Besides that, a valid backend user account is needed. Update to TYPO3 version 10.4.10 to fix the problem described. | ||||
| >= 10.0.0, < 10.4.10, >= 9.0.0, < 9.5.23 | 8.1 HIGH | 5 MEDIUM | ||
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 user session identifiers were stored in cleartext - without processing with additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described. | ||||
| >= 10.0.0, < 10.4.10, >= 6.2.0, < 6.2.54, >= 7.6.0, < 7.6.48, >= 8.7.0, < 8.7.38, >= 9.0.0, < 9.5.23 | 6.1 MEDIUM | 4.3 MEDIUM | ||
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.23 and 10.4.10 the system extension Fluid (typo3/cms-fluid) of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described. | ||||
| = 9.5.6, = 8.7.25 | 4.7 MEDIUM | 4.3 MEDIUM | ||
TYPO3 Fluid Engine (package `typo3fluid/fluid`) before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like `{showFullName ? fullName : defaultValue}`. Updated versions of this package are bundled in following TYPO3 (`typo3/cms-core`) versions as well: TYPO3 v8.7.25 (using `typo3fluid/fluid` v2.5.4) and TYPO3 v9.5.6 (using `typo3fluid/fluid` v2.6.1). | ||||
| >= 10.0.0, < 10.4.6, >= 9.0.0, < 9.5.20 | 8.1 HIGH | 6.8 MEDIUM | ||
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, in a case where an attacker manages to generate a valid cryptographic message authentication code (HMAC-SHA1) - either by using a different existing vulnerability or in case the internal encryptionKey was exposed - it is possible to retrieve arbitrary files of a TYPO3 installation. This includes the possibility to fetch typo3conf/LocalConfiguration.php, which again contains the encryptionKey as well as credentials of the database management system being used. In case a database server is directly accessible either via internet or in a shared hosting network, this allows the ability to completely retrieve, manipulate or delete database contents. This includes creating an administration user account - which can be used to trigger remote code execution by injecting custom extensions. This has been patched in versions 9.5.20 and 10.4.6. | ||||
| >= 10.0.0, < 10.4.6, >= 9.0.0, < 9.5.20 | 8.8 HIGH | 6.5 MEDIUM | ||
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains including potential privilege escalation, insecure deserialization & remote code execution. The overall severity of this vulnerability is high based on mentioned attack chains and the requirement of having a valid backend user session (authenticated). This has been patched in versions 9.5.20 and 10.4.6. | ||||
| >= 10.0.0, <= 10.4.1, >= 9.0.0, <= 9.5.16 | 8 HIGH | 6.8 MEDIUM | ||
In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that the backend user interface and install tool are vulnerable to a same-site request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously managed to upload to the web server. Scripts are then executed with the privileges of the victims' user session. In a worst-case scenario, new admin users can be created which can directly be used by an attacker. The vulnerability is basically a cross-site request forgery (CSRF) triggered by a cross-site scripting vulnerability (XSS) - but happens on the same target host - thus, it's actually a same-site request forgery. Malicious payload such as HTML containing JavaScript might be provided by either an authenticated backend user or by a non-authenticated user using a third party extension, e.g. file upload in a contact form with knowing the target location. To be successful, the attacked victim requires an active and valid backend or install tool user session at the time of the attack. This has been fixed in 9.5.17 and 10.4.2. The deployment of additional mitigation techniques is suggested as described below. - Sudo Mode Extension This TYPO3 extension intercepts modifications to security relevant database tables, e.g. those storing user accounts or storages of the file abstraction layer. Modifications need to confirmed again by the acting user providing their password again. This technique is known as sudo mode. This way, unintended actions happening in the background can be mitigated. - https://github.com/FriendsOfTYPO3/sudo-mode - https://extensions.typo3.org/extension/sudo_mode - Content Security Policy Content Security Policies tell (modern) browsers how resources served a particular site are handled. It is also possible to disallow script executions for specific locations. In a TYPO3 context, it is suggested to disallow direct script execution at least for locations /fileadmin/ and /uploads/. | ||||
| >= 10.0.0, <= 10.4.1, >= 9.0.0, <= 9.5.16 | 8.8 HIGH | 6 MEDIUM | ||
In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings (in $BE_USER->uc) are vulnerable to insecure deserialization. In combination with vulnerabilities of third party components, this can lead to remote code execution. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2. | ||||
| >= 10.0.0, < 10.4.2, >= 9.0.0, < 9.5.17 | 8.7 HIGH | 6.4 MEDIUM | ||
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize() on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary directory in the file system, if it is writable for the web server. It can also trigger message submission via email using the identity of the web site (mail relay). Another insecure deserialization vulnerability is required to actually exploit mentioned aspects. This has been fixed in 9.5.17 and 10.4.2. | ||||
| >= 10.2.0, < 10.4.2, >= 9.5.12, < 9.5.17 | 5.4 MEDIUM | 3.5 LOW | ||
In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and greater than or equal to 10.2.0 and less than 10.4.2, it has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting; properties being assigned as HTML attributes have not been parsed correctly. This has been fixed in 9.5.17 and 10.4.2. | ||||
| >= 10.0.0, < 10.4.2, >= 9.0.0, < 9.5.17 | 5.4 MEDIUM | 3.5 LOW | ||
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, it has been discovered that HTML placeholder attributes containing data of other database records are vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2. | ||||
| = 10.4.1, = 10.4.0 | 3.7 LOW | 4.3 MEDIUM | ||
In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2. | ||||
| >= 7.0.0, <= 7.1.0, >= 6.2, < 6.2.39 | 6.1 MEDIUM | 4.3 MEDIUM | ||
svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname. | ||||
| >= 10.0.0, < 10.2.2, >= 9.0.0, < 9.5.12, >= 8.0.0, < 8.7.30 | 7.2 HIGH | 6.5 MEDIUM | ||
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed, and a valid backend user who has administrator privileges. | ||||
| >= 10.0.0, < 10.2.2, >= 9.0.0, < 9.5.12, < 8.7.30 | 8.8 HIGH | 6.5 MEDIUM | ||
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension ext:lowlevel (Backend Module: DB Check) installed, with a valid backend user who has administrator privileges. The other exploitable scenario requires having the system extension ext:sys_action installed, with a valid backend user who has limited privileges. | ||||
| >= 10.0.0, < 10.2.2, >= 9.0.0, < 9.5.12, < 8.7.30 | 7.2 HIGH | 6.5 MEDIUM | ||
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this vulnerability. (In v9 LTS and later, System Maintainer privileges are also required.) | ||||
| >= 4.5.0, <= 4.5.5 | 9.8 CRITICAL | 7.5 HIGH | ||
It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input. | ||||
| >= 4.5.0, < 4.5.4 | 6.5 MEDIUM | 4 MEDIUM | ||
TYPO3 before 4.5.4 allows Information Disclosure in the backend. | ||||
| >= 4.5.0, < 4.5.4, >= 4.4.0, < 4.4.9 | 6.5 MEDIUM | 4 MEDIUM | ||
TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to retrieve ExtDirect endpoint services. | ||||
| >= 4.5.0, < 4.5.4, >= 4.3.0, < 4.3.12, >= 4.4.0, < 4.4.9 | 6.1 MEDIUM | 4.3 MEDIUM | ||
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function. | ||||
| >= 4.5.0, < 4.5.4, >= 4.3.0, < 4.3.12, >= 4.4.0, < 4.4.9 | 6.5 MEDIUM | 5.5 MEDIUM | ||
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver. | ||||
| >= 4.5.0, < 4.5.4, >= 4.3.0, < 4.3.12, >= 4.4.0, < 4.4.9 | 6.5 MEDIUM | 4 MEDIUM | ||
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to extract arbitrary information from the TYPO3 database. | ||||
| >= 4.5.0, < 4.5.4, >= 4.3.0, < 4.3.12, >= 4.4.0, < 4.4.9 | 5.4 MEDIUM | 3.5 LOW | ||
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message. | ||||
| >= 4.5.0, < 4.5.4, >= 4.3.0, < 4.3.12, >= 4.4.0, < 4.4.9 | 6.1 MEDIUM | 4.3 MEDIUM | ||
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the "JSwindow" property of the typolink function. | ||||
| >= 4.5.0, < 4.5.4, >= 4.3.0, < 4.3.12, >= 4.4.0, < 4.4.9 | 5.4 MEDIUM | 3.5 LOW | ||
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the system extension recycler. | ||||
| >= 4.5.0, < 4.5.4, >= 4.3.0, < 4.3.12, >= 4.4.0, < 4.4.9 | 5.4 MEDIUM | 3.5 LOW | ||
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the browse_links wizard. | ||||
| >= 4.5.0, < 4.5.4, >= 4.3.0, < 4.3.12, >= 4.4.0, < 4.4.9 | 5.4 MEDIUM | 3.5 LOW | ||
Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the admin panel. | ||||
| >= 4.5.0, < 4.5.4, >= 4.3.0, < 4.3.12, >= 4.4.0, < 4.4.9 | 9.8 CRITICAL | 7.5 HIGH | ||
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request. | ||||
| >= 4.5.0, < 4.5.4, >= 4.3.0, < 4.3.12, >= 4.4.0, < 4.4.9 | 6.5 MEDIUM | 4 MEDIUM | ||
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows Information Disclosure on the backend. | ||||
| >= 4.4.0, < 4.4.1, >= 4.3.0, < 4.3.4, >= 4.2.0, < 4.2.13 | 5.3 MEDIUM | 5 MEDIUM | ||
TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailing API. | ||||
| < 4.4.1 | 6.1 MEDIUM | 4.3 MEDIUM | ||
TYPO3 before 4.4.1 allows XSS in the frontend search box. | ||||
| >= 4.4.0, < 4.4.1, < 4.3.4 | 6.1 MEDIUM | 4.3 MEDIUM | ||
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea view helper in an extbase extension. | ||||
| >= 4.4.0, < 4.4.1, >= 4.3.0, < 4.3.4, < 4.1.14, >= 4.2.0, < 4.2.13 | 6.5 MEDIUM | 9.4 HIGH | ||
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 is open to a session fixation attack which allows remote attackers to hijack a victim's session. | ||||
| >= 4.4.0, < 4.4.1, < 4.3.4 | 4.8 MEDIUM | 5.8 MEDIUM | ||
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function. | ||||
| >= 4.4.0, < 4.4.1, >= 4.3.0, < 4.3.4, < 4.1.14, >= 4.2.0, < 4.2.13 | 7.5 HIGH | 5 MEDIUM | ||
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl. | ||||
| >= 4.4.0, < 4.4.1, >= 4.3.0, < 4.3.4, >= 4.2.0, < 4.2.13 | 5.4 MEDIUM | 4.9 MEDIUM | ||
TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS and Open Redirection in the frontend login box. | ||||
| >= 4.4.0, < 4.4.1, >= 4.3.0, < 4.3.4, < 4.1.14, >= 4.2.0, < 4.2.13 | 8.8 HIGH | 6.5 MEDIUM | ||
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend. | ||||
| >= 4.4.0, < 4.4.1, >= 4.3.0, < 4.3.4, < 4.1.14, >= 4.2.0, < 4.2.13 | 5.3 MEDIUM | 5 MEDIUM | ||
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function. | ||||
| >= 4.4.0, < 4.4.1, >= 4.3.0, < 4.3.4, < 4.1.14, >= 4.2.0, < 4.2.13 | 5.3 MEDIUM | 5 MEDIUM | ||
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element. | ||||
| >= 4.4.0, < 4.4.1, >= 4.3.0, < 4.3.4, < 4.1.14, >= 4.2.0, < 4.2.13 | 5.4 MEDIUM | 3.5 LOW | ||
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager. | ||||
| >= 4.4.0, < 4.4.1, >= 4.3.0, < 4.3.4, < 4.1.14, >= 4.2.0, < 4.2.13 | 6.5 MEDIUM | 4 MEDIUM | ||
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Information Disclosure on the backend. | ||||
| >= 4.4.0, < 4.4.1, >= 4.3.0, < 4.3.4, < 4.1.14, >= 4.2.0, < 4.2.13 | 8.8 HIGH | 6.5 MEDIUM | ||
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend. | ||||
| >= 4.4.0, < 4.4.1, >= 4.3.0, < 4.3.4, < 4.1.14, >= 4.2.0, < 4.2.13 | 6.1 MEDIUM | 5.8 MEDIUM | ||
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend. | ||||
| >= 4.4.0, < 4.4.1, >= 4.3.0, < 4.3.4, < 4.1.14, >= 4.2.0, < 4.2.13 | 5.4 MEDIUM | 3.5 LOW | ||
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend. | ||||
| >= 8.3.0, <= 8.7.26, >= 9.0.0, <= 9.5.7 | 6.1 MEDIUM | 4.3 MEDIUM | ||
TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS. | ||||
| >= 8.3.0, <= 8.7.26, >= 9.0.0, <= 9.5.7 | 8.8 HIGH | 6.5 MEDIUM | ||
TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data. | ||||
| >= 8.0.0, < 8.7.25, >= 9.0.0, < 9.5.6 | — | 9.3 HIGH | ||
TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick. | ||||
| >= 9.0.0, < 9.1.0, < 8.7.11 | — | 3.5 LOW | ||
The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], as demonstrated by an admin entering a crafted site name during the installation process. | ||||
| = 4.2.10, = 4.1.11, = 4.1.1, = 4.2.4, = 4.2.5, = 4.2.11, = 4.1.8, = 4.1.6, = 4.2.0, = 4.3.1, = 4.3.2, = 4.3.3, = 4.2.1, = 4.1.0, = 4.1.3, = 4.3.0, = 4.2.2, = 4.1.4, = 4.1.13, = 4.2.6, = 4.2.8, = 4.1.9, = 4.1.12, = 4.4.0, = 4.2.3, = 4.2.12, = 4.1.7, = 4.1.2, = 4.2.7, = 4.2.9, = 4.1.10, = 4.1.5 | — | 3.5 LOW | ||
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and 4.4.x before 4.4.1 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified parameters to the extension manager, or unspecified parameters to unknown backend forms. | ||||
| = 8.6.1, = 7.6.6, = 8.3.1, = 7.6.0, = 7.6.5, = 7.6.20, = 8.2.0, = 8.7.0, = 7.6.2, = 7.6.3, = 7.6.12, = 7.6.19, = 8.5.1, = 7.6.14, = 7.6.21, = 8.5.0, = 8.1.1, = 8.1.0, = 7.6.7, = 7.6.15, = 7.6.16, = 8.7.3, = 8.7.2, = 8.4.0, = 7.6.17, = 7.6.18, = 8.2.1, = 7.6.4, = 7.6.11, = 8.6.0, = 8.1.2, = 7.6.13, = 8.7.4, = 8.4.1, = 7.6.8, = 8.7.1, = 8.0.1, = 8.0.0, = 7.6.1, = 7.6.9, = 7.6.10, = 8.3.0 | — | 6.5 MEDIUM | ||
Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code. | ||||
| = 7.6.15 | — | 5 MEDIUM | ||
TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields. | ||||
| = 7.6.6, = 7.0.0, = 7.6.0, = 7.6.5, = 7.0.2, = 7.6.2, = 7.4.0, = 7.6.3, = 7.3.1, = 7.6.1, = 7.6.4, = 7.5.0, = 7.6.8, = 7.1.0, = 7.2.0, = 7.3.0, <= 6.2.23, = 8.1.1, = 7.6.7 | — | 6.8 MEDIUM | ||
Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action. | ||||
| = 6.2.1, = 6.2.8, = 6.2.0, = 6.2.4, = 6.2.5, = 6.2.11, = 6.2.15, = 6.2.14, = 6.2.16, = 6.2.3, = 6.2.6, = 6.2.18, = 6.2.17, = 6.2, = 6.2.10, = 6.2.12, = 6.2.2, = 6.2.9, = 6.2.13, = 6.2.7 | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a bookmark. | ||||
| = 6.2.1, = 6.2.8, = 6.2.0, = 6.2.4, = 6.2.5, = 6.2.11, = 6.2.15, = 6.2.14, = 6.2, = 6.2.12, = 6.2.10, = 6.2.9, = 6.2.7, = 6.2.2, = 6.2.13, = 6.2.6, = 6.2.3 | — | 4.3 MEDIUM | ||
The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote attackers to embed Flash videos from external domains via unspecified vectors, aka "Cross-Site Flashing." | ||||
| = 6.2.1, = 6.2.8, = 6.2.0, = 7.0.0, = 7.6.0, = 6.2.4, = 7.0.2, = 6.2.5, = 6.2.11, = 7.5.0, = 6.2.3, = 6.2.2, = 6.2.15, = 6.2.14, = 7.4.0, = 7.3.0, = 6.2.12, = 7.3.1, = 7.2.0, = 6.2, = 7.1.0, = 6.2.9, = 6.2.10, = 7.6.1, = 6.2.7, = 6.2.6, = 6.2.13 | — | 3.5 LOW | ||
Cross-site scripting (XSS) vulnerability in the typoLink function in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote authenticated editors to inject arbitrary web script or HTML via a link field. | ||||
| = 6.2.1, = 6.2.8, = 6.2.0, = 7.0.0, = 7.6.0, = 6.2.4, = 7.0.2, = 6.2.5, = 6.2.11, = 7.5.0, = 7.4.0, = 7.3.1, = 7.3.0, = 6.2.3, = 6.2.2, = 6.2.15, = 6.2.14, = 6.2.12, = 7.2.0, = 7.0.1, = 6.2.9, = 6.2.10, = 6.2.7, = 6.2.6, = 6.2.13, = 7.6.1, = 7.1.0 | — | 3.5 LOW | ||
Multiple cross-site scripting (XSS) vulnerabilities in unspecified frontend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors. | ||||
| = 6.2.1, = 6.2.8, = 6.2.0, = 7.0.0, = 7.6.0, = 6.2.4, = 7.0.2, = 6.2.5, = 6.2.11, = 6.2.3, = 6.2.12, = 7.4.0, = 7.5.0, = 7.0.1, = 7.3.1, = 7.3.0, = 7.2.0, = 6.2.2, = 6.2.15, = 6.2.14, = 6.2.9, = 6.2.7, = 6.2.10, = 6.2.6, = 7.6.1, = 7.1.0, = 6.2.13 | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Extension Manager in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to extension data during an extension installation. | ||||
| = 6.2.1, = 6.2.8, = 6.2.0, = 6.2.4, = 6.2.5, = 6.2.11, = 6.2.15, = 6.2.14, = 6.2, = 6.2.9, = 6.2.13, = 6.2.12, = 6.2.2, = 6.2.10, = 6.2.3, = 6.2.7, = 6.2.6 | — | 3.5 LOW | ||
Cross-site scripting (XSS) vulnerability in the search result view in the Indexed Search (indexed_search) component in TYPO3 6.2.x before 6.2.16 allows remote authenticated editors to inject arbitrary web script or HTML via unspecified vectors. | ||||
| = 6.2.1, = 6.2.8, = 6.2.0, = 7.0.0, = 7.6.0, = 6.2.4, = 7.0.2, = 6.2.5, = 6.2.11, = 7.5.0, = 6.2.15, = 6.2.2, = 7.3.1, = 7.2.0, = 6.2.14, = 6.2.12, = 7.4.0, = 7.3.0, = 6.2.3, = 7.6.1, = 6.2.10, = 6.2.9, = 7.1.0, = 6.2.6, = 6.2.13, = 6.2.7 | — | 3.5 LOW | ||
Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors. | ||||
| = 6.2.1, = 6.2.8, = 6.2.0, = 7.0.0, = 6.2.4, = 6.0.11, = 6.0.1, = 6.1.3, = 6.2.5, = 6.0.13, = 6.0.8, = 6.0.9, = 6.1.6, = 6.2.2, = 6.2.3, = 6.2.11, <= 4.5.40, = 6.0, = 6.2, = 6.2.14, = 6.0.10, = 6.1.5, = 7.2.0, = 6.0.2, = 6.0.3, = 6.1.1, = 6.1.9, = 6.0.12, = 6.0.14, = 6.1.7, = 6.2.10, = 6.0.4, = 6.0.5, = 6.1.2, = 6.2.6, = 6.2.7, = 7.3.0, = 6.0.6, = 6.0.7, = 6.1.4, = 6.2.9, = 7.1.0, = 6.1, = 6.1.8, = 6.2.12, = 6.2.13 | — | 3.5 LOW | ||
The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter to show_rechis.php and the (2) redirect_url parameter to index.php. | ||||
| = 4.3.6, = 4.5.30, = 4.5.3, = 4.6.16, = 4.5.27, = 4.3.5, = 4.5.9, = 4.3.8, = 4.5.12, = 4.4.13, = 4.5.5, = 4.5.13, = 4.5.38, = 4.6.6, = 4.6.13, = 4.4.14, = 4.5.15, = 4.5.24, = 4.5.32, = 4.6.8, = 4.6.17, = 4.6.3, = 4.6.12, = 4.3.7, = 4.3.14, = 4.5.17, = 4.5.35, = 4.3.2, = 4.3.3, = 4.3.10, = 4.3.11, = 4.4.4, = 4.4.5, = 4.5.14, = 4.5.21, = 4.5.29, = 4.6.5, = 4.3.0, = 4.3.9, = 4.4.1, = 4.4.2, = 4.3.13, = 4.4.6, = 4.4.7, = 4.4.15, = 4.5.6, = 4.5.7, = 4.5.23, = 4.5.31, = 4.6, = 4.6.0, = 4.6.15, = 4.4.11, = 4.5.11, = 4.5.20, = 4.5.36, = 4.5.37, = 4.5.0, = 4.5.8, = 4.5.18, = 4.5.26, = 4.6.10, = 4.6.18, = 4.4.12, = 4.5.4, = 4.5.22, = 4.5.39, = 4.3.1, = 4.4.3, = 4.3.4, = 4.3.12, = 4.5.16, = 4.5.33, = 4.6.7, = 4.6.14, = 4.4.10, = 4.5.2, = 4.5.19, = 4.5.28, = 4.6.4, = 4.6.11, = 4.4.0, = 4.4.8, = 4.4.9, = 4.5.1, = 4.5.10, = 4.5.25, = 4.5.34, = 4.6.1, = 4.6.2, = 4.6.9 | — | 2.6 LOW | ||
The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is casted to an empty value. | ||||
| = 6.2.1, = 4.7.5, = 6.2.8, = 6.2.0, = 4.7.8, = 7.0.0, = 4.5.30, = 4.7.17, = 4.5.3, = 6.0.1, = 6.2.4, = 6.2.5, = 4.7.20, = 4.6.16, = 4.5.12, = 4.5.9, = 6.0.10, = 6.1.3, = 4.7.1, = 4.6.13, = 4.6.3, = 4.5.27, = 6.1.9, = 4.6.6, = 6.0.11, = 4.5.24, = 4.5.32, = 6.0, = 6.1.1, = 4.7.19, = 4.7.2, = 4.6.17, = 4.5.13, = 4.5.14, = 4.5.15, = 4.5.29, = 4.5.8, = 6.0.8, = 6.1.5, = 4.7.4, = 4.5.0, = 4.5.17, = 4.5.5, = 4.5.7, = 6.0.2, = 6.0.3, = 6.2, = 4.7.12, = 4.7.13, = 4.6.0, = 4.6.8, = 4.5.20, = 4.5.23, = 4.5.35, = 4.5.37, = 4.5.38, = 6.0.13, = 6.1.6, = 4.6.10, = 4.6.12, = 4.5.18, = 4.5.26, = 4.5.6, = 7.0.1, = 6.0.9, = 6.1, = 6.1.2, = 6.2.3, = 6.2.6, = 4.7.3, = 4.6.14, = 4.6.15, = 4.5.28, = 6.0.12, = 6.0.6, = 4.7.14, = 4.7.16, = 4.7.18, = 4.7.6, = 4.6.11, = 4.6.18, = 4.6.5, = 4.5.10, = 4.5.19, = 4.5.25, = 4.5.31, = 4.5.33, = 6.0.14, = 6.0.4, = 6.1.7, = 6.1.8, = 4.7.10, = 4.7.11, = 4.7.9, = 4.6.1, = 4.6.7, = 4.6.9, = 4.5.2, = 4.5.21, = 4.5.22, = 4.5.36, = 6.0.5, = 6.0.7, = 6.1.4, = 6.2.2, = 6.2.7, = 4.7.0, = 4.7.15, = 4.7.7, = 4.6.2, = 4.6.4, = 4.5.1, = 4.5.11, = 4.5.16, = 4.5.34, = 4.5.4 | — | 7.5 HIGH | ||
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consumption) via a "Cache Poisoning" attack using a URL with arbitrary arguments, which triggers a reload of the page. | ||||
| = 6.2.1, = 4.7.5, = 6.2.8, = 6.2.0, = 4.7.8, = 7.0.0, = 4.5.30, = 4.7.17, = 4.5.3, = 6.0.1, = 6.0.10, = 6.0.11, = 6.1.9, = 6.2.5, = 4.7.20, = 4.6.16, = 4.7.1, = 4.6.13, = 4.6.3, = 4.5.27, = 6.2.4, = 4.6.6, = 4.5.12, = 4.5.9, = 6.1.3, = 4.5.24, = 4.5.32, = 6.0, = 6.0.3, = 6.1.1, = 6.2, = 4.7.12, = 4.7.13, = 4.7.2, = 4.6.0, = 4.6.17, = 4.6.8, = 4.5.14, = 4.5.15, = 4.5.37, = 4.5.38, = 6.0.13, = 6.0.8, = 6.1.5, = 6.1.6, = 4.6.12, = 4.5.18, = 4.5.26, = 4.5.6, = 4.5.7, = 6.0.2, = 4.7.19, = 4.5.13, = 4.5.20, = 4.5.29, = 4.5.35, = 4.5.8, = 4.7.4, = 4.6.10, = 4.5.0, = 4.5.17, = 4.5.23, = 4.5.5, = 6.0.5, = 6.0.6, = 7.0.1, = 6.0.4, = 6.1.2, = 6.2.6, = 4.7.3, = 4.6.1, = 4.6.9, = 4.5.21, = 4.5.22, = 6.0.12, = 6.0.7, = 6.2.2, = 4.7.0, = 4.7.16, = 4.7.6, = 4.7.7, = 4.6.4, = 4.5.10, = 4.5.11, = 4.5.19, = 4.5.25, = 4.5.33, = 4.5.34, = 6.0.14, = 6.0.9, = 6.1, = 6.1.7, = 6.1.8, = 6.2.3, = 4.7.10, = 4.7.11, = 4.7.18, = 4.7.9, = 4.6.14, = 4.6.15, = 4.6.5, = 4.6.7, = 4.5.2, = 4.5.28, = 4.5.36, = 6.1.4, = 6.2.7, = 4.7.14, = 4.7.15, = 4.6.11, = 4.6.18, = 4.6.2, = 4.5.1, = 4.5.16, = 4.5.31, = 4.5.4 | — | 4.3 MEDIUM | ||
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the HTML export wizard in the backend module in the powermail extension before 1.6.11 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 3.5 LOW | ||
Cross-site scripting (XSS) vulnerability in the layout wizard in the Grid Elements (gridelements) extension before 1.5.1 and 2.0.x before 2.0.3 for TYPO3 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| = 6.2.1, = 6.2.0, = 6.2, = 6.2.2 | — | 4 MEDIUM | ||
The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors. | ||||
| = 4.5.30, = 4.5.3, = 4.5.27, = 4.5.9, = 4.5.12, = 4.5.24, = 4.5.32, = 4.5.15, = 4.5.5, = 4.5.11, = 4.5.18, = 4.5.19, = 4.5.26, = 4.5.13, = 4.5.20, = 4.5.6, = 4.5.7, = 4.5.0, = 4.5.1, = 4.5.17, = 4.5.23, = 4.5.31, = 4.5.33, = 4.5.14, = 4.5.21, = 4.5.29, = 4.5.8, = 4.5.10, = 4.5.25, = 4.5.4, = 4.5.2, = 4.5.28, = 4.5.16, = 4.5.22, = 6.0.11, = 6.0.1, = 6.0.10, = 6.0.8, = 6.0.3, = 6.0.2, = 6.0, = 6.0.13, = 6.0.9, = 6.0.5, = 6.0.6, = 6.0.7, = 6.0.4, = 6.0.12, = 6.2.1, = 6.2.0, = 6.2, = 6.2.2, = 6.1.3, = 6.1.6, = 6.1.1, = 6.1.5, = 6.1.4, = 6.1.7, = 6.1, = 6.1.8, = 6.1.2, = 4.7.5, = 4.7.8, = 4.7.17, = 4.7.1, = 4.7.13, = 4.7.2, = 4.7.4, = 4.7.12, = 4.7.7, = 4.7.10, = 4.7.11, = 4.7.3, = 4.7.18, = 4.7.0, = 4.7.16, = 4.7.9, = 4.7.14, = 4.7.15, = 4.7.6 | — | 3.5 LOW | ||
Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary web script or HTML via unknown parameters. | ||||
| = 4.7.5, = 4.2.10, = 4.3.6, = 4.7.8, = 4.1.11, = 4.5.30, = 4.1.1, = 4.7.17, = 4.5.3, = 4.2, = 4.2.14, = 4.5.12, = 6.0.11, = 4.1, = 4.2.15, = 4.3.8, = 4.5.24, = 4.5.27, = 4.5.9, = 4.6.6, = 4.2.4, = 4.2.5, = 4.3.5, = 4.6.16, = 6.0.1, = 6.0.10, = 6.1.3, = 4.0.10, = 4.1.8, = 4.3.7, = 4.4.13, = 4.4.15, = 4.5.14, = 4.6.12, = 4.0.3, = 4.2.0, = 4.2.8, = 4.3.14, = 4.4.14, = 4.5.13, = 4.5.15, = 4.5.5, = 4.6.13, = 4.6.3, = 4.7.1, = 6.0.8, = 4.1.12, = 4.2.11, = 4.2.13, = 4.5.8, = 4.6.8, = 6.0.2, = 6.0.3, = 4.0.5, = 4.1.4, = 4.1.6, = 4.2.3, = 4.4.4, = 4.5.17, = 4.5.32, = 4.6.17, = 6.1.6, = 6.1.1, = 4.0.1, = 4.0, = 4.0.12, = 4.0.2, = 4.0.4, = 4.1.0, = 4.2.1, = 4.3.13, = 4.3.2, = 4.3.9, = 4.5, = 4.5.20, = 4.5.29, = 4.5.6, = 4.6.10, = 4.7.15, = 6.0.13, = 4.0.13, = 4.1.14, = 4.1.9, = 4.2.17, = 4.2.6, = 4.4.7, = 4.5.21, = 4.5.7, = 4.6.1, = 4.6.18, = 4.7.14, = 4.7.18, = 4.7.7, = 6.0.14, <= 6.1.9, = 6.1.4, = 4.1.13, = 4.2.12, = 4.3, = 4.3.0, = 4.3.10, = 4.3.11, = 4.4.0, = 4.4.1, = 4.4.11, = 4.5.0, = 4.5.11, = 4.5.23, = 4.5.26, = 4.6, = 4.6.0, = 4.6.5, = 4.7.19, = 4.7.2, = 4.7.4, = 6.0.6, = 4.0.7, = 4.0.8, = 4.1.7, = 4.2.2, = 4.3.3, = 4.4.2, = 4.4.5, = 4.4.6, = 4.5.18, = 4.5.31, = 4.6.15, = 4.7.10, = 4.7.11, = 4.7.12, = 4.7.13, = 6.0, = 6.1.7, = 6.1.5, = 6.0.9, = 4.0.0, = 4.0.9, = 4.1.15, = 4.1.3, = 4.2.16, = 4.2.7, = 4.2.9, = 4.4.8, = 4.5.22, = 4.5.4, = 4.6.2, = 4.6.4, = 4.6.9, = 4.7.0, = 4.7.6, = 4.1.2, = 4.3.12, = 4.4, = 4.4.12, = 4.4.9, = 4.5.2, = 4.5.28, = 4.6.11, = 4.7, = 4.7.16, = 6.0.12, = 6.1.2, = 4.0.11, = 4.1.10, = 4.3.1, = 4.4.10, = 4.5.1, = 4.5.10, = 4.5.25, = 4.6.7, = 4.7.3, = 6.0.4, = 6.0.5, = 6.1, = 4.0.6, = 4.1.5, = 4.3.4, = 4.4.3, = 4.5.16, = 4.5.19, = 4.5.33, = 4.5.34, = 4.6.14, = 4.7.9, = 6.1.8, = 6.0.7 | — | 4 MEDIUM | ||
The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remote attackers to bypass authentication and gain access to the backend by leveraging knowledge of a password hash. | ||||
| = 6.2.1, = 6.2.0, = 6.2, = 6.2.2 | — | 5.8 MEDIUM | ||
The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors. | ||||
| = 4.7.5, = 4.7.8, = 4.7.17, = 4.7.1, = 4.7.13, = 4.7.2, = 4.7.4, = 4.7.12, = 4.7.7, = 4.7.10, = 4.7.11, = 4.7.3, = 4.7.18, = 4.7.14, = 4.7.15, = 4.7.0, = 4.7.16, = 4.7.9, = 4.7.6, = 4.5.30, = 4.5.3, = 4.5.27, = 4.5.9, = 4.5.12, = 4.5.24, = 4.5.32, = 4.5.15, = 4.5.5, = 4.5.33, = 4.5.0, = 4.5.23, = 4.5.31, = 4.5.11, = 4.5.19, = 4.5.20, = 4.5.6, = 4.5.13, = 4.5.14, = 4.5.21, = 4.5.29, = 4.5.7, = 4.5.8, = 4.5.1, = 4.5.17, = 4.5.18, = 4.5.26, = 4.5.16, = 4.5.2, = 4.5.28, = 4.5.22, = 4.5.10, = 4.5.25, = 4.5.4, = 6.2.1, = 6.2.0, = 6.2, = 6.2.2, = 6.1.3, = 6.1.6, = 6.1.1, = 6.1.5, = 6.1.4, = 6.1.7, = 6.1, = 6.1.8, = 6.1.2, = 6.0.11, = 6.0.1, = 6.0.10, = 6.0.8, = 6.0.3, = 6.0.2, = 6.0, = 6.0.13, = 6.0.9, = 6.0.4, = 6.0.7, = 6.0.12, = 6.0.5, = 6.0.6 | — | 5 MEDIUM | ||
TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote attackers to have unspecified impact via a crafted HTTP Host header, related to "Host Spoofing." | ||||
| = 6.1.3, = 6.1.6, = 6.1.1, = 6.1.5, = 6.1.4, = 6.1.7, = 6.1, = 6.1.8, = 6.1.2, = 4.7.5, = 4.7.8, = 4.7.17, = 4.7.1, = 4.7.13, = 4.7.2, = 4.7.4, = 4.7.12, = 4.7.7, = 4.7.14, = 4.7.15, = 4.7.6, = 4.7.10, = 4.7.3, = 4.7.11, = 4.7.18, = 4.7.0, = 4.7.16, = 4.7.9, = 4.5.30, = 4.5.3, = 4.5.27, = 4.5.9, = 4.5.12, = 4.5.24, = 4.5.32, = 4.5.15, = 4.5.5, = 4.5.11, = 4.5.19, = 4.5.26, = 4.5.33, = 4.5.14, = 4.5.23, = 4.5.8, = 4.5.13, = 4.5.20, = 4.5.21, = 4.5.29, = 4.5.6, = 4.5.7, = 4.5.0, = 4.5.1, = 4.5.17, = 4.5.18, = 4.5.31, = 4.5.10, = 4.5.2, = 4.5.4, = 4.5.22, = 4.5.28, = 4.5.16, = 4.5.25, = 6.0.11, = 6.0.1, = 6.0.10, = 6.0.8, = 6.0.3, = 6.0.2, = 6.0, = 6.0.13, = 6.0.9, = 6.0.6, = 6.0.7, = 6.0.12, = 6.0.4, = 6.0.5 | — | 6 MEDIUM | ||
The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object. | ||||
| = 4.6.6, = 4.6.3, = 4.6.13, = 4.6.12, = 4.6.8, = 4.6.0, = 4.6.10, = 4.6.5, = 4.6.1, = 4.6.7, = 4.6.11, = 4.6.9, = 4.6.2, = 4.6.4, = 4.7.5, = 4.7.1, = 4.7.2, = 4.7.4, = 4.7, = 4.7.0, = 4.7.3, = 4.5.3, = 4.5.9, = 4.5.12, = 4.5.15, = 4.5.5, = 4.5.13, = 4.5.17, = 4.5.8, = 4.5.14, = 4.5.11, = 4.5.18, = 4.5.2, = 4.5.10, = 4.5.19, = 4.5.20, = 4.5.7, = 4.5.16, = 4.5, = 4.5.0, = 4.5.1, = 4.5.4, = 4.5.6 | — | 4 MEDIUM | ||
The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL. | ||||
| = 6.0.1, = 6.0.3, = 6.0.2, = 6.0, = 6.0.9, = 6.0.6, = 6.0.5, = 6.0.7, = 6.0.4, = 6.1.1, = 6.1, = 6.1.2 | — | 6.5 MEDIUM | ||
The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors to execute arbitrary PHP code by uploading a .php file. | ||||
| = 6.1.3, = 6.1.1, = 6.1, = 6.1.2, = 6.0.1, = 6.0.8, = 6.0.3, = 6.0.2, = 6.0, = 6.0.6, = 6.0.5, = 6.0.7, = 6.0.4 | — | 5.5 MEDIUM | ||
The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via a crafted URL. | ||||
| = 6.1.3, = 6.1.1, = 6.1, = 6.1.2, = 6.0.1, = 6.0.3, = 6.0.2, = 6.0, = 6.0.6, = 6.0.5, = 6.0.7, = 6.0.4 | — | 6.5 MEDIUM | ||
The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.4 allows remote authenticated editors to execute arbitrary PHP code via unspecified characters in the file extension when renaming a file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4250. | ||||
| = 6.0.11, = 6.0.1, = 6.0.10, = 6.0.8, = 6.0.3, = 6.0.2, = 6.0, = 6.0.9, = 6.0.6, = 6.0.7, = 6.0.5, = 6.0.4, = 6.1.3, = 6.1.6, = 6.1.1, = 6.1.5, = 6.1.4, = 6.1, = 6.1.2, = 4.7.5, = 4.7.8, = 4.7.1, = 4.7.13, = 4.7.2, = 4.7.4, = 4.7.12, = 4.7.7, = 4.7.10, = 4.7.6, = 4.7.11, = 4.7.3, = 4.7.0, = 4.7.16, = 4.7, = 4.7.14, = 4.7.15, = 4.7.9, = 4.5.30, = 4.5.3, = 4.5.27, = 4.5.9, = 4.5.12, = 4.5.24, = 4.5.15, = 4.5.5, = 4.5.13, = 4.5.11, = 4.5.18, = 4.5.19, = 4.5.26, = 4.5.6, = 4.5.0, = 4.5.1, = 4.5.16, = 4.5.17, = 4.5.23, = 4.5.31, = 4.5, = 4.5.14, = 4.5.21, = 4.5.20, = 4.5.29, = 4.5.7, = 4.5.8, = 4.5.10, = 4.5.25, = 4.5.4, = 4.5.22, = 4.5.2, = 4.5.28 | — | 2.6 LOW | ||
Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. NOTE: this might be the same vulnerability as CVE-2013-7072. | ||||
| = 6.0.11, = 6.0.1, = 6.0.10, = 6.0.8, = 6.0.3, = 6.0.2, = 6.0, = 6.0.9, = 6.0.6, = 6.0.7, = 6.0.4, = 6.0.5, = 6.1.3, = 6.1.6, = 6.1.1, = 6.1.5, = 6.1.4, = 6.1, = 6.1.2, = 4.7.5, = 4.7.8, = 4.7.1, = 4.7.13, = 4.7.2, = 4.7.4, = 4.7.12, = 4.7.7, = 4.7.10, = 4.7.14, = 4.7.15, = 4.7.6, = 4.7.16, = 4.7.0, = 4.7.9, = 4.7.11, = 4.7.3, = 4.5.30, = 4.5.3, = 4.5.27, = 4.5.9, = 4.5.12, = 4.5.24, = 4.5.15, = 4.5.5, = 4.5.13, = 4.5.1, = 4.5.17, = 4.5.18, = 4.5.19, = 4.5.26, = 4.5.8, = 4.5.31, = 4.5.0, = 4.5.16, = 4.5.23, = 4.5.6, = 4.5.7, = 4.5.29, = 4.5.14, = 4.5.21, = 4.5.4, = 4.5.11, = 4.5.20, = 4.5.10, = 4.5.25, = 4.5.22, = 4.5.28, = 4.5.2 | — | 4.9 MEDIUM | ||
The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors. | ||||
| = 6.0.11, = 6.0.1, = 6.0.10, = 6.0.8, = 6.0.3, = 6.0.2, = 6.0, = 6.0.9, = 6.0.6, = 6.0.7, = 6.0.4, = 6.0.5, = 4.5.30, = 4.5.3, = 4.5.27, = 4.5.9, = 4.5.12, = 4.5.24, = 4.5.15, = 4.5.5, = 4.5.13, = 4.5.29, = 4.5.14, = 4.5.21, = 4.5.4, = 4.5.11, = 4.5.20, = 4.5.31, = 4.5.0, = 4.5.16, = 4.5.17, = 4.5.23, = 4.5.6, = 4.5.7, = 4.5.1, = 4.5.18, = 4.5.19, = 4.5.26, = 4.5.8, = 4.5.22, = 4.5.28, = 4.5.2, = 4.5.10, = 4.5.25, = 4.7.5, = 4.7.8, = 4.7.1, = 4.7.13, = 4.7.2, = 4.7.4, = 4.7.12, = 4.7.7, = 4.7.10, = 4.7.3, = 4.7.14, = 4.7.15, = 4.7.6, = 4.7.11, = 4.7.9, = 4.7.16, = 4.7.0 | — | 5.8 MEDIUM | ||
The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass Assignment." | ||||
| = 4.5.30, = 4.5.3, = 4.5.27, = 4.5.9, = 4.5.12, = 4.5.24, = 4.5.15, = 4.5.5, = 4.5.13, = 4.5.31, = 4.5.0, = 4.5.16, = 4.5.23, = 4.5.6, = 4.5.7, = 4.5.29, = 4.5.14, = 4.5.20, = 4.5.21, = 4.5.4, = 4.5.1, = 4.5.17, = 4.5.18, = 4.5.8, = 4.5.11, = 4.5.19, = 4.5.26, = 4.5.22, = 4.5.28, = 4.5.10, = 4.5.25, = 4.5.2, = 6.1.3, = 6.1.6, = 6.1.1, = 6.1.5, = 6.1.4, = 6.1, = 6.1.2, = 4.7.5, = 4.7.8, = 4.7.1, = 4.7.13, = 4.7.2, = 4.7.4, = 4.7.12, = 4.7.7, = 4.7.10, = 4.7.14, = 4.7.6, = 4.7.11, = 4.7.3, = 4.7.15, = 4.7.16, = 4.7.0, = 4.7.9, = 6.0.11, = 6.0.1, = 6.0.10, = 6.0.8, = 6.0.3, = 6.0.2, = 6.0, = 6.0.9, = 6.0.6, = 6.0.4, = 6.0.5, = 6.0.7 | — | 5.8 MEDIUM | ||
Open redirect vulnerability in the OpenID extension in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||
| = 4.5.30, = 4.5.3, = 4.5.27, = 4.5.9, = 4.5.12, = 4.5.24, = 4.5.15, = 4.5.5, = 4.5.13, = 4.5.11, = 4.5.19, = 4.5.26, = 4.5.0, = 4.5.1, = 4.5.17, = 4.5.18, = 4.5.8, = 4.5.31, = 4.5.16, = 4.5.23, = 4.5.6, = 4.5.7, = 4.5.29, = 4.5.14, = 4.5.20, = 4.5.21, = 4.5.4, = 4.5.2, = 4.5.10, = 4.5.25, = 4.5.22, = 4.5.28, = 6.1.3, = 6.1.6, = 6.1.1, = 6.1.5, = 6.1.4, = 6.1, = 6.1.2, = 6.0.11, = 6.0.1, = 6.0.10, = 6.0.8, = 6.0.3, = 6.0.2, = 6.0, = 6.0.9, = 6.0.6, = 6.0.7, = 6.0.5, = 6.0.4, = 4.7.5, = 4.7.8, = 4.7.1, = 4.7.13, = 4.7.2, = 4.7.4, = 4.7.12, = 4.7.7, = 4.7.10, = 4.7.11, = 4.7.3, = 4.7.0, = 4.7.9, = 4.7.14, = 4.7.15, = 4.7.16, = 4.7.6 | — | 4 MEDIUM | ||
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters. | ||||
| = 6.0.11, = 6.0.1, = 6.0.10, = 6.0.8, = 6.0.3, = 6.0.2, = 6.0, = 6.0.9, = 6.0.6, = 6.0.7, = 6.0.4, = 6.0.5, = 4.7.5, = 4.7.8, = 4.7.1, = 4.7.13, = 4.7.2, = 4.7.4, = 4.7.12, = 4.7.7, = 4.7.10, = 4.7.14, = 4.7.11, = 4.7.3, = 4.7.15, = 4.7.16, = 4.7.6, = 4.7.0, = 4.7.9, = 4.5.30, = 4.5.3, = 4.5.27, = 4.5.9, = 4.5.12, = 4.5.24, = 4.5.15, = 4.5.5, = 4.5.13, = 4.5.31, = 4.5.14, = 4.5.21, = 4.5.23, = 4.5.6, = 4.5.29, = 4.5.20, = 4.5.4, = 4.5.0, = 4.5.1, = 4.5.16, = 4.5.17, = 4.5.7, = 4.5.8, = 4.5.11, = 4.5.18, = 4.5.19, = 4.5.26, = 4.5.22, = 4.5.28, = 4.5.2, = 4.5.25, = 4.5.10, = 6.1.3, = 6.1.6, = 6.1.1, = 6.1.5, = 6.1.4, = 6.1, = 6.1.2 | — | 6.5 MEDIUM | ||
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an unspecified parameter, related to a "missing signature." | ||||
| = 6.1.3, = 6.1.6, = 6.1.1, = 6.1.5, = 6.1.4, = 6.1, = 6.1.2, = 4.7.5, = 4.7.8, = 4.7.1, = 4.7.13, = 4.7.2, = 4.7.4, = 4.7.12, = 4.7.7, = 4.7.10, = 4.7.15, = 4.7.16, = 4.7.14, = 4.7.6, = 4.7.11, = 4.7.3, = 4.7.0, = 4.7.9, = 6.2.0, = 4.5.30, = 4.5.3, = 4.5.27, = 4.5.9, = 4.5.12, = 4.5.24, = 4.5.15, = 4.5.5, = 4.5.13, = 4.5.11, = 4.5.18, = 4.5.19, = 4.5.26, = 4.5.0, = 4.5.1, = 4.5.16, = 4.5.17, = 4.5.7, = 4.5.8, = 4.5.31, = 4.5.14, = 4.5.23, = 4.5.6, = 4.5.29, = 4.5.20, = 4.5.21, = 4.5.4, = 4.5.10, = 4.5.2, = 4.5.25, = 4.5.22, = 4.5.28, = 6.0.11, = 6.0.1, = 6.0.10, = 6.0.8, = 6.0.3, = 6.0.2, = 6.0, = 6.0.9, = 6.0.6, = 6.0.7, = 6.0.4, = 6.0.5 | — | 3.5 LOW | ||
Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters. | ||||
| = 6.0.11, = 6.0.1, = 6.0.10, = 6.0.8, = 6.0.3, = 6.0.2, = 6.0, = 6.0.9, = 6.0.6, = 6.0.7, = 6.0.5, = 6.0.4, = 6.1.3, = 6.1.6, = 6.1.1, = 6.1.5, = 6.1.4, = 6.1, = 6.1.2 | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Backend User Administration Module in TYPO3 6.0.x before 6.0.12 and 6.1.x before 6.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| = 4.5.30, = 4.5.3, = 4.5.27, = 4.5.9, = 4.5.12, = 4.5.24, = 4.5.15, = 4.5.5, = 4.5.13, = 4.5.31, = 4.5.14, = 4.5.23, = 4.5.6, = 4.5.29, = 4.5.20, = 4.5.21, = 4.5.4, = 4.5.11, = 4.5.18, = 4.5.19, = 4.5.26, = 4.5.0, = 4.5.1, = 4.5.16, = 4.5.17, = 4.5.7, = 4.5.8, = 4.5.22, = 4.5.28, = 4.5.10, = 4.5.2, = 4.5.25, = 4.7.5, = 4.7.8, = 4.7.1, = 4.7.13, = 4.7.2, = 4.7.4, = 4.7.12, = 4.7.7, = 4.7.10, = 4.7.11, = 4.7.3, = 4.7.0, = 4.7.9, = 4.7.14, = 4.7.15, = 4.7.16, = 4.7.6 | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in Extension Manager in TYPO3 4.5.x before 4.5.32 and 4.7.x before 4.7.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 10 HIGH | ||
Unspecified vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize." | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Slideshare extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Javascript and CSS Optimizer extension before 1.1.14 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the CoolURI extension before 1.0.30 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Static Info Tables (static_info_tables) extension before 2.3.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 10 HIGH | ||
Unspecified vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize." | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Browser - TYPO3 without PHP (browser) extension before 4.5.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the DB Integration (wfqbe) extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the RealURL Management (realurlmanagement) extension 0.3.4 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 6.8 MEDIUM | ||
Cross-site request forgery (CSRF) vulnerability in the TEQneers SEO Enhancements (tq_seo) extension before 5.0.1 for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the News Search (news_search) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the News system (news) extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Accessible browse results for indexed search (accessible_is_browse_results) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the UserTask Center, Messaging (sys_messages) extension 1.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| = 4.5.3, = 4.5.9, = 4.5.12, = 4.5.15, = 4.5.5, = 4.5.13, = 4.5.17, = 4.5.8, = 4.5.14, = 4.5, = 4.5.11, = 4.5.6, = 4.5.2, = 4.5.20, = 4.5.10, = 4.5.1, = 4.5.18, = 4.5.7, = 4.5.0, = 4.5.4, = 4.5.19, = 4.5.16, = 4.6.6, = 4.6.3, = 4.6.13, = 4.6.12, = 4.6.8, = 4.6.0, = 4.6.10, = 4.6.5, = 4.6, = 4.6.4, = 4.6.9, = 4.6.1, = 4.6.7, = 4.6.11, = 4.6.2, = 4.7.5, = 4.7.1, = 4.7.2, = 4.7.4, = 4.7, = 4.7.0, = 4.7.3 | — | 6.5 MEDIUM | ||
SQL injection vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to execute arbitrary SQL commands via unspecified vectors. | ||||
| = 4.5.3, = 4.5.9, = 4.5.12, = 4.5.15, = 4.5.5, = 4.5.13, = 4.5.17, = 4.5.8, = 4.5.14, = 4.5.18, = 4.5.19, = 4.5.4, = 4.5.0, = 4.5.16, = 4.5.6, = 4.5.10, = 4.5.2, = 4.5.1, = 4.5.20, = 4.5.7, = 4.5, = 4.5.11, = 4.6.6, = 4.6.3, = 4.6.13, = 4.6.12, = 4.6.8, = 4.6.0, = 4.6.10, = 4.6.5, = 4.6, = 4.6.9, = 4.6.7, = 4.6.2, = 4.6.11, = 4.6.4, = 4.6.1, = 4.7.5, = 4.7.1, = 4.7.2, = 4.7.4, = 4.7, = 4.7.0, = 4.7.3 | — | 3.5 LOW | ||
Cross-site scripting (XSS) vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| = 4.5.3, = 4.5.9, = 4.5.12, = 4.5.15, = 4.5.5, = 4.5.13, = 4.5.17, = 4.5.8, = 4.5.14, = 4.5.18, = 4.5.19, = 4.5.6, = 4.5.10, = 4.5.2, = 4.5.1, = 4.5.20, = 4.5.7, = 4.5, = 4.5.11, = 4.5.4, = 4.5.0, = 4.5.16, = 4.6.6, = 4.6.3, = 4.6.13, = 4.6.12, = 4.6.8, = 4.6.0, = 4.6.10, = 4.6.5, = 4.6, = 4.6.9, = 4.6.4, = 4.6.7, = 4.6.11, = 4.6.1, = 4.6.2, = 4.7.5, = 4.7.1, = 4.7.2, = 4.7.4, = 4.7, = 4.7.0, = 4.7.3 | — | 3.5 LOW | ||
Cross-site scripting (XSS) vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| = 4.5.3, = 4.5.9, = 4.5.12, = 4.5.15, = 4.5.5, = 4.5.13, = 4.5.17, = 4.5.8, = 4.5.14, = 4.5, = 4.5.11, = 4.5.6, = 4.5.2, = 4.5.20, = 4.5.7, = 4.5.0, = 4.5.4, = 4.5.19, = 4.5.16, = 4.5.10, = 4.5.1, = 4.5.18, = 4.6.6, = 4.6.3, = 4.6.13, = 4.6.12, = 4.6.8, = 4.6.0, = 4.6.10, = 4.6.5, = 4.6, = 4.6.4, = 4.6.1, = 4.6.7, = 4.6.11, = 4.6.2, = 4.6.9, = 4.7.5, = 4.7.1, = 4.7.2, = 4.7.4, = 4.7, = 4.7.0, = 4.7.3 | — | 3.5 LOW | ||
Cross-site scripting (XSS) vulnerability in the tree render API (TCA-Tree) in the Backend API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the RSS feed from records extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the WEC Discussion Forum extension before 2.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the SEO Pack for tt_news extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 6 MEDIUM | ||
SQL injection vulnerability in the Formhandler extension before 1.4.1 for TYPO3 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the sofortueberweisung2commerce extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 6.4 MEDIUM | ||
Open redirect vulnerability in Maag Form Captcha extension 2.0.0 and earlier for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Multishop extension before 2.0.39 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the meta_feedit extension 0.1.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the jQuery autocomplete for indexed_search (rzautocomplete) extension before 0.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| = 4.5.3, = 4.5.9, = 4.5.12, = 4.5.15, = 4.5.5, = 4.5.13, = 4.5.17, = 4.5.8, = 4.5.14, = 4.5.4, = 4.5.19, = 4.5.16, = 4.5, = 4.5.6, = 4.5.2, = 4.5.23, = 4.5.22, = 4.5.10, = 4.5.1, = 4.5.18, = 4.5.7, = 4.5.11, = 4.5.0, = 4.6.16, = 4.6.6, = 4.6.3, = 4.6.13, = 4.6.12, = 4.6.8, = 4.6.0, = 4.6.10, = 4.6.5, = 4.6.11, = 4.6.2, = 4.6, = 4.6.4, = 4.6.14, = 4.6.9, = 4.6.7, = 4.6.15, = 4.6.1, = 4.7.5, = 4.7.8, = 4.7.1, = 4.7.2, = 4.7.4, = 4.7.7, = 4.7.6, = 4.7, = 4.7.0, = 4.7.3, = 6.0.1, = 6.0.2, = 6.0 | — | 6.4 MEDIUM | ||
Open redirect vulnerability in the Access tracking mechanism in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||
| = 4.5.3, = 4.5.9, = 4.5.12, = 4.5.15, = 4.5.5, = 4.5.13, = 4.5.17, = 4.5.8, = 4.5.14, = 4.5.22, = 4.5.4, = 4.5.19, = 4.5.16, = 4.5.11, = 4.5, = 4.5.2, = 4.5.23, = 4.5.6, = 4.5.10, = 4.5.1, = 4.5.18, = 4.5.7, = 4.5.0, = 4.6.16, = 4.6.6, = 4.6.3, = 4.6.13, = 4.6.12, = 4.6.8, = 4.6.0, = 4.6.10, = 4.6.5, = 4.6.7, = 4.6.11, = 4.6.2, = 4.6.1, = 4.6, = 4.6.4, = 4.6.14, = 4.6.9, = 4.6.15, = 4.7.5, = 4.7.8, = 4.7.1, = 4.7.2, = 4.7.4, = 4.7.7, = 4.7.6, = 4.7, = 4.7.0, = 4.7.3, = 6.0.1, = 6.0.2, = 6.0 | — | 7.5 HIGH | ||
SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values." | ||||
| all versions | — | 5 MEDIUM | ||
The Front End User Registration (sr_feuser_register) extension before 2.6.2 for TYPO3 allows remote attackers to obtain user names and passwords via the (1) edit perspective or (2) autologin feature. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the powermail extension before 1.6.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in Basic SEO Features (seo_basics) extension before 0.8.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| = 4.5.3, = 4.5.9, = 4.5.12, = 4.5.15, = 4.5.5, = 4.5.13, = 4.5.17, = 4.5.8, = 4.5.14, = 4.5, = 4.5.11, = 4.5.6, = 4.5.10, = 4.5.1, = 4.5.16, = 4.5.2, = 4.5.7, = 4.5.0, = 4.5.4, = 4.5.18, = 4.6.6, = 4.6.3, = 4.6.8, = 4.6.0, = 4.6.10, = 4.6.5, = 4.6, = 4.6.1, = 4.6.4, = 4.6.11, = 4.6.7, = 4.6.2, = 4.6.9, = 4.7.1, = 4.7.2, = 4.7, = 4.7.0, = 4.7.3 | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Install Tool in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| = 4.5.3, = 4.5.9, = 4.5.12, = 4.5.15, = 4.5.5, = 4.5.13, = 4.5.17, = 4.5.8, = 4.5.14, = 4.5.0, = 4.5.4, = 4.5.10, = 4.5.11, = 4.5.6, = 4.5.1, = 4.5.16, = 4.5.7, = 4.5, = 4.5.2, = 4.5.18, = 4.6.6, = 4.6.3, = 4.6.8, = 4.6.0, = 4.6.10, = 4.6.5, = 4.6, = 4.6.1, = 4.6.4, = 4.6.11, = 4.6.9, = 4.6.7, = 4.6.2, = 4.7.1, = 4.7.2, = 4.7, = 4.7.0, = 4.7.3 | — | 3.5 LOW | ||
The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors. | ||||
| = 4.5.3, = 4.5.9, = 4.5.12, = 4.5.15, = 4.5.5, = 4.5.13, = 4.5.17, = 4.5.8, = 4.5.14, = 4.5.0, = 4.5.10, = 4.5.16, = 4.5.11, = 4.5.6, = 4.5.2, = 4.5.1, = 4.5.7, = 4.5, = 4.5.4, = 4.5.18, = 4.6.6, = 4.6.3, = 4.6.8, = 4.6.0, = 4.6.10, = 4.6.5, = 4.6, = 4.6.1, = 4.6.4, = 4.6.11, = 4.6.7, = 4.6.9, = 4.6.2, = 4.7.1, = 4.7.2, = 4.7, = 4.7.0, = 4.7.3 | — | 4.3 MEDIUM | ||
Incomplete blacklist vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain HTML5 JavaScript events. | ||||
| = 4.5.3, = 4.5.9, = 4.5.12, = 4.5.15, = 4.5.5, = 4.5.13, = 4.5.17, = 4.5.8, = 4.5.14, = 4.5, = 4.5.11, = 4.5.2, = 4.5.18, = 4.5.7, = 4.5.0, = 4.5.4, = 4.5.6, = 4.5.10, = 4.5.1, = 4.5.16, = 4.6.6, = 4.6.3, = 4.6.8, = 4.6.0, = 4.6.10, = 4.6.5, = 4.6, = 4.6.1, = 4.6.4, = 4.6.9, = 4.6.7, = 4.6.2, = 4.6.11, = 4.7.1, = 4.7.2, = 4.7, = 4.7.0, = 4.7.3, >= 4.7.0, < 4.7.4, >= 4.6.0, < 4.6.12, >= 4.5.0, < 4.5.19 | — | 4.6 MEDIUM | ||
view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature (HMAC)." | ||||
| = 4.5.3, = 4.5.9, = 4.5.12, = 4.5.15, = 4.5.5, = 4.5.13, = 4.5.17, = 4.5.8, = 4.5.14, = 4.5.7, = 4.5.0, = 4.5.4, = 4.5.18, = 4.5.6, = 4.5.10, = 4.5.16, = 4.5, = 4.5.11, = 4.5.2, = 4.5.1, = 4.6.6, = 4.6.3, = 4.6.8, = 4.6.0, = 4.6.10, = 4.6.5, = 4.6, = 4.6.1, = 4.6.4, = 4.6.11, = 4.6.7, = 4.6.2, = 4.6.9, = 4.7.1, = 4.7.2, = 4.7, = 4.7.0, = 4.7.3 | — | 3.5 LOW | ||
Multiple cross-site scripting (XSS) vulnerabilities in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| = 4.4.13, = 4.4.4, = 4.4.5, = 4.4.11, = 4.4.1, = 4.4.2, = 4.4.6, = 4.4.7, = 4.4.0, = 4.4.10, = 4.4.12, = 4.4.8, = 4.4, = 4.4.9, = 4.4.3, = 4.5.3, = 4.5.9, = 4.5.12, = 4.5.5, = 4.5.13, = 4.5.8, = 4.5.7, = 4.5.6, = 4.5.0, = 4.5, = 4.5.10, = 4.5.1, = 4.5.4, = 4.5.11, = 4.5.2, = 4.6.6, = 4.6.3, = 4.6.0, = 4.6.5, = 4.6, = 4.6.1, = 4.6.4, = 4.6.2, = 6.0, = 4.7 | — | 5 MEDIUM | ||
The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request. | ||||
| = 4.5.3, = 4.5.9, = 4.5.12, = 4.6.6, = 4.6.3, = 4.5.5, = 4.5.13, = 4.4.13, = 4.5.8, = 4.4.1, = 4.5.0, = 4.6.1, = 4.4.4, = 4.4.5, = 4.4.6, = 4.4.7, = 4.5.7, = 4.4.0, = 4.4.2, = 4.4.9, = 4.4.11, = 4.5.6, = 4.5.11, = 6.0, = 4.6.4, = 4.6.5, = 4.6.0, = 4.4.3, = 4.4.10, = 4.4.12, = 4.5.1, = 4.5.2, = 4.6.2, = 4.4.8, = 4.5.10, = 4.5.4, = 4.7 | — | 3.5 LOW | ||
Multiple cross-site scripting (XSS) vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| = 4.5.3, = 4.5.9, = 4.5.12, = 4.6.6, = 4.6.3, = 4.5.5, = 4.5.13, = 4.4.13, = 4.5.8, = 4.4.0, = 4.4.1, = 4.4.2, = 4.5.6, = 4.6.5, = 6.0, = 4.4.5, = 4.4.7, = 4.5.0, = 4.5.7, = 4.6.4, = 4.4.9, = 4.4.11, = 4.5.11, = 4.6.0, = 4.4.4, = 4.4.6, = 4.6.1, = 4.4.3, = 4.5.2, = 4.5.4, = 4.7, = 4.4.12, = 4.6.2, = 4.4.8, = 4.4.10, = 4.5.1, = 4.5.10 | — | 5 MEDIUM | ||
The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non printable characters. | ||||
| = 4.6.6, = 4.6.3, = 4.6.0, = 6.0, = 4.6.5, = 4.6, = 4.6.1, = 4.6.4, = 4.7, = 4.6.2 | — | 5 MEDIUM | ||
The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument." | ||||
| = 4.4.14, = 4.4.13, = 4.4.4, = 4.4.5, = 4.4.11, = 4.4.1, = 4.4.2, = 4.4.6, = 4.4.7, = 4.4.0, = 4.4.8, = 4.4.9, = 4.4.3, = 4.4.10, = 4.4.12, = 4.5.3, = 4.5.9, = 4.5.12, = 4.5.5, = 4.5.13, = 4.5.8, = 4.5.14, = 4.5.7, = 4.5.6, = 4.5.0, = 4.5.1, = 4.5.2, = 4.5.10, = 4.5.4, = 4.5.11, = 4.6.6, = 4.6.3, = 4.6.0, = 4.6.5, = 4.6.1, = 4.6.4, = 4.6.7, = 4.6.2, = 4.7 | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script or HTML via exception messages. | ||||
| = 4.2.10, = 4.2.14, = 4.2.4, = 4.2.5, = 4.2.15, = 4.2.11, = 4.2.0, = 4.2.8, = 4.2.13, = 4.2.7, = 4.2.3, = 4.2.12, = 4.2.6, = 4.2.1, = 4.2.2, = 4.2.9, = 4.3.6, = 4.3.5, = 4.3.8, = 4.3.7, = 4.3.2, = 4.3.0, = 4.3.3, = 4.3.4, = 4.3.1, = 4.4.4, = 4.4.1, = 4.4.2, = 4.4.0, = 4.4.3 | — | 6.8 MEDIUM | ||
The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php. | ||||
| = 4.2.10, = 4.3.6, = 4.2.14, = 4.3.5, = 4.3.8, = 4.2.4, = 4.2.5, = 4.2.15, = 4.2.11, = 4.2.7, = 4.2.12, = 4.3.0, = 4.4.2, = 4.2.8, = 4.2.0, = 4.3.4, = 4.4.1, = 4.2.3, = 4.2.6, = 4.3.7, = 4.3.1, = 4.4.4, = 4.2.13, = 4.2.2, = 4.2.1, = 4.3.3, = 4.3.2, = 4.4.3, = 4.2.9 | — | 4.3 MEDIUM | ||
The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query. | ||||
| = 4.2.10, = 4.3.6, = 4.2.14, = 4.3.5, = 4.3.8, = 4.2.4, = 4.2.5, = 4.2.15, = 4.2.11, = 4.2.1, = 4.3.3, = 4.3.2, = 4.3.1, = 4.2.3, = 4.2.6, = 4.3.7, = 4.4.4, = 4.4.2, = 4.2.13, = 4.2.2, = 4.3.4, = 4.2.7, = 4.2.8, = 4.2.12, = 4.2.0, = 4.3.0, = 4.4.1, = 4.2.9, = 4.4.3 | — | 6 MEDIUM | ||
SQL injection vulnerability in the list module in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors. | ||||
| = 4.2.10, = 4.3.6, = 4.2.14, = 4.3.5, = 4.3.8, = 4.2.4, = 4.2.5, = 4.2.15, = 4.2.11, = 4.2.6, = 4.2.1, = 4.3.7, = 4.3.2, = 4.3.1, = 4.2.7, = 4.2.8, = 4.2.0, = 4.3.0, = 4.3.4, = 4.4.1, = 4.2.13, = 4.2.2, = 4.3.3, = 4.2.3, = 4.2.12, = 4.4.4, = 4.4.2, = 4.4.3, = 4.2.9 | — | 5 MEDIUM | ||
Directory traversal vulnerability in mod/tools/em/class.em_unzip.php in the unzip library in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote attackers to write arbitrary files via unspecified vectors. | ||||
| = 4.2.10, = 4.3.6, = 4.2.14, = 4.3.5, = 4.3.8, = 4.2.4, = 4.2, = 4.2.5, = 4.2.15, = 4.2.3, = 4.2.12, = 4.2.13, = 4.3.3, = 4.3.4, = 4.4.2, = 4.4.1, = 4.2.2, = 4.2.11, = 4.3.2, = 4.4.4, = 4.2.6, = 4.2.0, = 4.2.1, = 4.2.8, = 4.3, = 4.3.0, = 4.3.7, = 4.4.3, = 4.3.1, = 4.4, = 4.2.7, = 4.2.9 | — | 3.5 LOW | ||
Cross-site scripting (XSS) vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| = 4.2.10, = 4.3.6, = 4.2.14, = 4.3.5, = 4.3.8, = 4.2.4, = 4.2, = 4.2.5, = 4.2.15, = 4.2.13, = 4.2.2, = 4.3.3, = 4.3.4, = 4.4.1, = 4.2.8, = 4.2.12, = 4.2.0, = 4.3.2, = 4.4.2, = 4.2.3, = 4.2.6, = 4.2.1, = 4.3.7, = 4.2.11, = 4.3, = 4.3.0, = 4.4.4, = 4.4.3, = 4.2.9, = 4.3.1, = 4.4, = 4.2.7 | — | 3.5 LOW | ||
Multiple cross-site scripting (XSS) vulnerabilities in the Install Tool in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| = 4.2.10, = 4.3.6, = 4.2.14, = 4.3.5, = 4.3.8, = 4.2.4, = 4.2.5, = 4.2.15, = 4.2.11, = 4.2.8, = 4.2.0, = 4.2.2, = 4.3.4, = 4.4.1, = 4.2.3, = 4.2.6, = 4.3.7, = 4.3.1, = 4.4.4, = 4.2.7, = 4.2.12, = 4.3.0, = 4.4.2, = 4.2.13, = 4.2.1, = 4.3.3, = 4.3.2, = 4.2.9, = 4.4.3 | — | 4 MEDIUM | ||
Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the "file inclusion functionality." | ||||
| = 4.3.6, = 4.3.5, = 4.3.8, = 4.3.7, = 4.4.4, = 4.3.2, = 4.4.1, = 4.4.2, = 4.3.0, = 4.3.4, = 4.4, = 4.3.1, = 4.3.3, = 4.4.3 | — | 2.6 LOW | ||
Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| = 4.5.3, = 4.5.5, = 4.5.8, = 4.5.7, = 4.5.6, = 4.5, = 4.5.1, = 4.5.4, = 4.5.2, = 4.6, = 4.6.1 | — | 6.8 MEDIUM | ||
PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 5 MEDIUM | ||
Unspecified vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 5 MEDIUM | ||
The System Utilities (sysutils) extension 1.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unspecified vectors related to improper "protection" of the "backup output directory." | ||||
| all versions | — | 6.5 MEDIUM | ||
Unspecified vulnerability in the Webservices for TYPO3 (typo3_webservice) extension before 0.3.8 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Euro Calculator (skt_eurocalc) extension 0.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Yet another Google search (ya_googlesearch) extension before 0.3.10 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 3.5 LOW | ||
Cross-site scripting (XSS) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 6.8 MEDIUM | ||
Cross-site request forgery (CSRF) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the UrlTool (aeurltool) extension 0.1.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the "return url parameter." | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Kitchen recipe (mv_cooking) extension before 0.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild as of February 2012. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the White Papers (mm_whtppr) extension 0.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in lib/class.tx_jftcaforms_tceFunc.php in the Additional TCA Forms (jftcaforms) extension before 0.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 5.8 MEDIUM | ||
Open redirect vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL, probably in the "return url parameter." | ||||
| all versions | — | 7.5 HIGH | ||
Unspecified vulnerability in the Webkit PDFs (webkitpdf) extension before 1.1.4 for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Webkit PDFs (webkitpdf) extension before 1.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Branchenbuch (aka Yellow Pages or mh_branchenbuch) extension before 0.9.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the FE user statistic (festat) extension before 0.2.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 10 HIGH | ||
Unspecified vulnerability in the JW Calendar (jw_calendar) extension 1.3.20 and earlier for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the xaJax Shoutbox (vx_xajax_shoutbox) extension before 1.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Event (event) extension before 0.3.7 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the powermail extension before 1.5.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 10 HIGH | ||
Unspecified vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Commenting system Backend Module (commentsbe) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the "official twitter tweet button for your page" (tweetbutton) extension before 1.0.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the XING Button (xing) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
Unspecified vulnerability in the Drag Drop Mass Upload (ameos_dragndropupload) extension 2.0.2 and earlier for TYPO3 allows remote attackers to upload arbitrary files via unknown vectors. | ||||
| all versions | — | 7.5 HIGH | ||
Multiple SQL injection vulnerabilities in WEC Discussion Forum (wec_discussion) extension 2.1.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in April 2011. | ||||
| = 4.2.10, = 4.3.6, = 4.2.14, = 4.3.5, = 4.2.4, = 4.2.5, = 4.2.11, = 4.2.0, = 4.2.8, = 4.2.12, = 4.2.9, = 4.2.2, = 4.3.1, = 4.4.1, = 4.4.3, = 4.2.3, = 4.2.6, = 4.2.7, = 4.3.2, = 4.3.3, = 4.3.4, = 4.2.1, = 4.2.13, = 4.3.0, = 4.4, = 4.4.2 | — | 4.3 MEDIUM | ||
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the RemoveXSS function, and allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (2) the backend. | ||||
| = 4.2.10, = 4.3.6, = 4.2.14, = 4.3.5, = 4.2.4, = 4.2.5, = 4.2.11, = 4.2.0, = 4.2.8, = 4.2.6, = 4.2.7, = 4.2.9, = 4.3.4, = 4.4, = 4.2.3, = 4.2.2, = 4.3.1, = 4.3.3, = 4.4.1, = 4.4.3, = 4.2.12, = 4.2.13, = 4.2.1, = 4.3.0, = 4.3.2, = 4.4.2 | — | 5 MEDIUM | ||
The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly restrict input to filter_var FILTER_VALIDATE_EMAIL operations in PHP, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string, a related issue to CVE-2010-3710. | ||||
| = 4.2.10, = 4.3.6, = 4.2.14, = 4.3.5, = 4.2.4, = 4.2.5, = 4.2.11, = 4.2.0, = 4.2.8, = 4.2.1, = 4.2.13, = 4.3.0, = 4.2.3, = 4.2.6, = 4.2.7, = 4.3.1, = 4.3.2, = 4.3.3, = 4.3.4, = 4.2.9, = 4.2.2, = 4.2.12 | — | 6 MEDIUM | ||
The be_user_creation task in TYPO3 4.2.x before 4.2.15 and 4.3.x before 4.3.7 allows remote authenticated users to gain privileges via a crafted POST request that creates a user account with arbitrary group memberships. | ||||
| = 4.2.10, = 4.3.6, = 4.2.14, = 4.3.5, = 4.2.4, = 4.2.5, = 4.2.11, = 4.2.0, = 4.2.8, = 4.2.13, = 4.3.0, = 4.3.1, = 4.2.3, = 4.2.6, = 4.3.3, = 4.4.3, = 4.2.9, = 4.2.2, = 4.4, = 4.4.1, = 4.4.2, = 4.2.7, = 4.2.1, = 4.2.12, = 4.3.2, = 4.3.4 | — | 4.9 MEDIUM | ||
Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allows remote authenticated administrators to read and possibly modify arbitrary files via a crafted parameter, a different vulnerability than CVE-2010-3714. | ||||
| = 4.2.10, = 4.3.6, = 4.2.14, = 4.3.5, = 4.2.4, = 4.2.5, = 4.2.11, = 4.2.0, = 4.2.8, = 4.2.3, = 4.2.2, = 4.2.1, = 4.3.0, = 4.3.1, = 4.4.2, = 4.4.3, = 4.2.9, = 4.2.13, = 4.4, = 4.4.1, = 4.2.7, = 4.2.12, = 4.3.4, = 4.2.6, = 4.3.2, = 4.3.3 | — | 7.1 HIGH | ||
The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| all versions | — | 5 MEDIUM | ||
Unspecified vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to bypass validation have an unspecified impact by "[injecting] arbitrary values into validated fields," as demonstrated using the (1) Email and (2) URL fields. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Solidbase Bannermanagement (SBbanner) extension 1.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Event Registration (event_registr) extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Car (car) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the AST ZipCodeSearch (ast_addresszipsearch) extension 0.5.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the AIRware Lexicon (air_lexicon) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the AJAX Chat (vjchat) extension before 0.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 3.5 LOW | ||
Cross-site scripting (XSS) vulnerability in the Commerce extension before 0.9.9 for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the T3M E-Mail Marketing Tool (t3m) extension 0.2.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Visitor Tracking (ws_stats) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the ultraCards (th_ultracards) extension before 0.5.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 5 MEDIUM | ||
Unspecified vulnerability in the ClickStream Analyzer [output] (alternet_csa_out) extension 0.3.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. | ||||
| all versions | — | 10 HIGH | ||
Directory traversal vulnerability in the Directory Listing (dir_listing) extension 1.1.0 and earlier for TYPO3 allows remote attackers to have an unspecified impact via unknown vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Userdata Create/Edit (sg_userdata) extension before 0.91.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Versatile Calendar Extension [VCE] (sk_calendar) extension before 0.3.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the A21glossary Advanced Output (a21glossary_advanced_output) extension before 0.1.12 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Calendar Base (cal) extension before 1.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via iCalendar data. | ||||
| = 4.0 | — | 7.5 HIGH | ||
SQL injection vulnerability in index.php in TYPO3 4.0 allows remote attackers to execute arbitrary SQL commands via the showUid parameter. NOTE: the TYPO3 Security Team disputes this report, stating that "there is no such vulnerability... The showUid parameter is generally used in third-party TYPO3 extensions - not in TYPO3 Core. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Accessibility Glossary (a21glossary) extension 0.4.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Flat Manager (flatmgr) extension before 1.9.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Calendar Base (cal) extension before 1.1.1 for TYPO3, when Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via "search parameters." | ||||
| = 4.3.2, = 4.3.0, = 4.3.1 | — | 6.8 MEDIUM | ||
PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className variable. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the mm_forum extension 1.8.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
Directory traversal vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 has unspecified impact and remote attack vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Meet Travelmates (travelmate) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the CleanDB - DBAL (tmsw_cleandb) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Diocese of Portsmouth Database (pd_diocesedatabase) extension before 0.7.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the MK Wastebasket (mk_wastebasket) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Educator extension 0.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 5 MEDIUM | ||
Unspecified vulnerability in the Power Extension Manager (ch_lightem) extension 1.0.34 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Sellector.com Widget Integration (chsellector) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the CleanDB (nf_cleandb) extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the SAV Filter Selectors (sav_filter_selectors) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the myDashboard (mydashboard) extension 0.1.13 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Brainstorming extension 0.1.8 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the SAV Filter Months (sav_filter_months) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Book Reviews (sk_bookreview) extension 0.0.12 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Reports Logfile View (reports_logview) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) extension before 0.2.13 for TYPO3 allows remote attackers to bypass authentication via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer (t3quixplorer) extension before 1.7.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the SAV Filter Alphabetic (sav_filter_abc) extension before 1.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the CoolURI (cooluri) extension before 1.0.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2008-6686. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Reset backend password (cwt_resetbepassword) extension 1.20 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the datamints Newsticker (datamints_newsticker) extension before 0.7.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Mailform (mailform) extension before 0.9.24 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Twitter Search (twittersearch) extension before 0.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 5 MEDIUM | ||
Unspecified vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Webesse Image Gallery (ws_gallery) extension 1.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Tour Extension (pm_tour) extension before 0.0.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Myth download (myth_download) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| = 4.3.0 | — | 5.1 MEDIUM | ||
Unspecified vulnerability in the OpenID Identity Authentication extension in TYPO3 4.3.0 allows remote attackers to bypass authentication and gain access to a backend user account via unknown attack vectors in which both the attacker and victim have an OpenID provider that discards identities during authentication. | ||||
| all versions | — | 7.5 HIGH | ||
Directory traversal vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 has unknown impact and remote attack vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Majordomo extension 1.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Tip many friends (mimi_tipfriends) extension 0.0.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the zak_store_management extension 1.0.0 and earlier TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Clan Users List (pb_clanlist) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the BB Simple Jobs (bb_simplejobs) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the MJS Event Pro (mjseventpro) extension 0.2.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the VD / Geomap (vd_geomap) extension 0.3.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Reports for Job (job_reports) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the KJ: Imagelightbox (kj_imagelightbox2) extension 2.0.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-2490. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Googlemaps for tt_news (jf_easymaps) extension 1.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the TV21 Talkshow (tv21_talkshow) extension 1.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Unit Converter (cs2_unitconv) extension 1.0.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Developer log (devlog) extension 2.9.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the TV21 Talkshow (tv21_talkshow) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Helpdesk (mg_help) extension 1.1.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the powermail extension 1.5.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the "SQL selection field" and "typoscript." | ||||
| all versions | — | 5 MEDIUM | ||
Unspecified vulnerability in the kiddog_mysqldumper (kiddog_mysqldumper) extension 0.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the tt_news Mail alert (dl3_tt_news_alerts) extension 0.2.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the TT_Products editor (ttpedit) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the User Links (vm19_userlinks) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 5 MEDIUM | ||
Unspecified vulnerability in the SB Folderdownload (sb_folderdownload) extension 0.2.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Customer Reference List (ref_list) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.8 HIGH | ||
Unspecified vulnerability in the Photo Book (goof_fotoboek) extension 1.7.14 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the init function in MK-AnydropdownMenu (mk_anydropdownmenu) extension 0.3.28 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Random Prayer 2 (ste_prayer2) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension 0.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Document Directorys (danp_documentdirs) extension 1.10.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the XDS Staff List (xds_staff) extension 0.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the File list (dr_blob) extension 2.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Car (car) extension 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 5 MEDIUM | ||
Unspecified vulnerability in the Watchdog (aba_watchdog) extension 2.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the ListMan (nl_listman) extension 1.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Frontend news submitter with RTE (fe_rtenews) extension 1.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the vShoutbox (vshoutbox) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the ZID Linkliste (zid_linklist) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Training Company Database (trainincdb) extension 0.4.7 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Job Exchange (jobexchange) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Subscription (mf_subscription) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Flash SlideShow (slideshow) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than CVE-2008-6691. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 6.4 MEDIUM | ||
Unspecified vulnerability in the Automatic Base Tags for RealUrl (lt_basetag) extension 1.0.0 for TYPO3 allows remote attackers to conduct "Cache spoofing" attacks via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the TW Productfinder (tw_productfinder) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.2 HIGH | ||
Unspecified vulnerability in the DB Integration (wfqbe) extension 1.3.1 and earlier for TYPO3 allows local users to execute arbitrary commands via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the [AN] Search it! (an_searchit) extension 2.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 5 MEDIUM | ||
Unspecified vulnerability in the Simple download-system with counter and categories (kk_downloader) extension 1.2.1 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors. | ||||
| all versions | — | 3.5 LOW | ||
Cross-site scripting (XSS) vulnerability in the newsletter configuration feature in the backend module in the Direct Mail (direct_mail) extension 2.6.4 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Calendar Base (cal) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| = 4.3, = 1.1, = 4.1.11, = 4.1.1, = 4.1.0, = 3.5.x, = 4.2.4, = 4.2.5, = 4.1.8, = 4.1.4, = 4.2.0, = 4.2.8, = 4.0.1, = 4.0.10, = 4.1.12, = 4.2.3, = 0.1.2, = 3.7.x, = 4.0.4, = 4.0.5, = 4.1.6, = 4.2.1, = 1.2.0, = 1.3.0, = 3.7.1, = 4.0.3, = 4.1.3, = 4.2.7, = 1.1.1, = 1.1.10, = 3.6.x, = 4.0.8, = 4.0.9, = 4.1.10, = 4.1.2, = 4.1.9, = 4.2.6, = 1.1.09, = 3.3.x, = 3.5, = 3.8.x, = 4.0, = 4.0.6, = 4.0.7, = 4.1.7, = 1.0.14, = 1.3.2, = 3.0, = 3.8, = 4.1.5, = 4.2.2, = 4.2.9, = 3.7.0, = 4.0.11, = 4.0.2, <= 4.0.12 | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | ||||
| = 4.3, = 1.1, = 4.1.11, = 4.1.1, = 4.1.0, = 3.5.x, = 4.2.4, = 4.2.5, = 4.1.8, = 4.1.12, = 4.0.1, = 0.1.2, = 4.0.4, = 4.0.5, = 4.1.6, = 4.2.3, = 1.2.0, = 1.3.0, = 3.7.1, = 3.7.x, = 4.0.3, = 4.1.4, = 4.2.0, = 4.2.1, = 4.2.8, = 4.0.10, = 4.1.10, = 4.1.2, = 4.1.9, = 4.2.6, = 4.2.7, = 1.1.09, = 3.5, = 4.0, = 4.0.6, = 4.0.7, = 4.1.7, = 1.0.14, = 1.3.2, = 3.0, = 3.3.x, = 3.8, = 3.8.x, = 4.1.5, = 4.2.2, = 4.0.2, <= 4.0.12, = 4.1.3, = 4.2.9, = 1.1.1, = 1.1.10, = 3.6.x, = 3.7.0, = 4.0.11, = 4.0.8, = 4.0.9 | — | 6.8 MEDIUM | ||
The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to gain access by using only the password's md5 hash as a credential. | ||||
| = 4.2.4, = 4.2.5, = 4.2.0, = 4.2.1, = 4.2.6, = 4.2.2 | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Frontend Login Box (aka felogin) subcomponent in TYPO3 4.2.0 through 4.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | ||||
| = 4.3, = 1.1, = 4.1.11, = 4.1.1, = 4.1.0, = 3.5.x, = 4.2.4, = 4.2.5, = 4.1.8, = 4.2.3, = 0.1.2, = 3.7.x, = 4.0.4, = 4.0.5, = 4.1.4, = 4.2.0, = 4.2.8, = 4.0.10, = 4.1.12, = 4.0.1, = 4.1.6, = 4.2.1, = 1.2.0, = 1.3.0, = 3.7.1, = 4.0.3, = 4.1.10, = 4.1.7, = 1.0.14, = 1.3.2, = 3.0, = 3.8, = 4.1.3, = 4.2.7, = 4.2.9, = 1.1.1, = 1.1.10, = 3.6.x, = 4.0.11, = 4.0.8, = 4.0.9, = 4.1.2, = 4.1.9, = 4.2.6, = 1.1.09, = 3.3.x, = 3.5, = 3.8.x, = 4.0, = 4.0.6, = 4.0.7, = 4.1.5, = 4.2.2, = 3.7.0, = 4.0.2, <= 4.0.12 | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm. | ||||
| = 4.3, = 4.1.11, = 4.1.1, = 4.1.0, = 4.1, = 4.2.4, = 4.2.5, = 4.1.8, = 4.1.6, = 4.0.10, = 4.0.5, = 4.1.12, = 4.11, = 4.0.4, = 4.1.7, = 4.2.0, = 4.2.1, = 4.0.3, = 4.2.3, <= 4.0.13, = 4.2.8, = 4.0.1, = 4.1.4, = 4.0, = 4.0.7, = 4.0.6, = 4.1.10, = 4.2.9, = 4.0.2, = 4.10, = 4.2.2, = 4.0.12, = 4.1.9, = 4.2.6, = 4.2.7, = 4.0.11, = 4.0.8, = 4.0.9, = 4.1.2, = 4.1.3, = 4.1.5 | — | 6.5 MEDIUM | ||
SQL injection vulnerability in the traditional frontend editing feature in the Frontend Editing subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters. | ||||
| = 4.3, = 1.1, = 4.1.11, = 4.1.1, = 4.1.0, = 3.5.x, = 4.2.4, = 4.2.5, = 4.1.8, = 4.1.6, = 4.2.3, = 1.3.0, = 3.7.1, = 3.7.x, = 4.0.3, = 4.1.12, = 4.0.1, = 0.1.2, = 4.0.4, = 4.0.5, = 4.1.4, = 4.2.0, = 4.2.1, = 4.2.8, = 1.2.0, = 4.0.10, = 4.1.5, = 4.1.7, = 4.2.2, = 1.3.2, = 4.0.2, = 4.1.10, = 4.1.2, = 4.2.6, = 4.2.7, = 1.1.09, = 3.5, = 4.0, = 4.0.6, = 4.0.7, = 4.0.8, = 4.1.9, = 1.0.14, = 3.0, = 3.3.x, = 3.8, = 3.8.x, = 4.1.3, = 4.2.9, = 1.1.1, = 1.1.10, = 3.6.x, = 3.7.0, = 4.0.11, = 4.0.9, <= 4.0.12 | — | 8.5 HIGH | ||
The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2, when the DAM extension or ftp upload is enabled, allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename. | ||||
| = 4.3, = 1.1, = 4.1.11, = 4.1.1, = 4.1.0, = 3.5.x, = 4.2.4, = 4.2.5, = 4.1.8, = 4.1.12, = 4.1.6, = 4.2.3, = 1.2.0, = 1.3.0, = 3.7.1, = 3.7.x, = 4.0.3, = 4.1.4, = 4.2.0, = 4.2.1, = 4.2.8, = 4.0.10, = 4.0.1, = 0.1.2, = 4.0.4, = 4.0.5, = 4.1.10, = 4.1.2, = 4.2.6, = 4.2.7, = 1.1.09, = 3.5, = 4.1.5, = 4.2.2, = 4.0.2, <= 4.0.12, = 4.1.3, = 4.2.9, = 1.1.1, = 1.1.10, = 3.6.x, = 3.7.0, = 4.0.11, = 4.0.8, = 4.0.9, = 4.0, = 4.0.6, = 4.0.7, = 4.1.7, = 4.1.9, = 1.0.14, = 1.3.2, = 3.0, = 3.3.x, = 3.8, = 3.8.x | — | 5.5 MEDIUM | ||
The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to place arbitrary web sites in TYPO3 backend framesets via crafted parameters, related to a "frame hijacking" issue. | ||||
| = 4.3, = 4.1.11, = 4.1.1, = 4.1.0, = 4.1, = 4.2.4, = 4.2.5, = 4.1.8, = 4.1.6, = 4.0.3, = 4.1.7, = 4.2.0, = 4.2.8, = 4.0.1, = 4.1.12, = 4.1.4, = 4.2.3, <= 4.0.13, = 4.0.10, = 4.0.4, = 4.0.5, = 4.11, = 4.2.1, = 4.0.2, = 4.1.9, = 4.2.7, = 4.2.9, = 4.0.11, = 4.0.9, = 4.1.3, = 4.1.5, = 4.2.6, = 4.0.12, = 4.0, = 4.0.7, = 4.0.8, = 4.1.2, = 4.10, = 4.1.10, = 4.2.2, = 4.0.6 | — | 3.5 LOW | ||
Multiple cross-site scripting (XSS) vulnerabilities in the Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| = 4.3, = 1.1, = 4.1.11, = 4.1.1, = 4.1.0, = 3.5.x, = 4.2.4, = 4.2.5, = 4.1.8, = 4.1.4, = 4.2.0, = 4.2.1, = 4.1.12, = 4.2.8, = 4.0.1, = 4.0.10, = 1.2.0, = 4.0.5, = 4.1.6, = 4.2.3, = 0.1.2, = 1.3.0, = 3.7.1, = 3.7.x, = 4.0.3, = 4.0.4, = 4.1.5, = 4.1.2, = 4.1.3, = 4.2.6, = 4.2.7, = 1.1.09, = 1.1.1, = 3.5, = 4.0.7, = 4.0.8, = 4.2.9, = 1.1.10, = 3.6.x, = 3.7.0, = 4.0.11, = 4.0.2, = 4.0.9, <= 4.0.12, = 4.1.10, = 4.1.9, = 1.0.14, = 3.0, = 3.3.x, = 3.8, = 3.8.x, = 4.0, = 4.0.6, = 4.1.7, = 4.2.2, = 1.3.2 | — | 4 MEDIUM | ||
The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to determine an encryption key via crafted input to a tt_content form element. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Flagbit Filebase (fb_filebase) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 10 HIGH | ||
Unspecified vulnerability in the Random Images (maag_randomimage) extension 1.6.4 and earlier for TYPO3 allows remote attackers to execute arbitrary shell commands via unspecified vectors. | ||||
| all versions | — | 10 HIGH | ||
Unspecified vulnerability in the session handling feature in freeCap CAPTCHA (sr_freecap) extension 1.2.0 and earlier for TYPO3 has unknown impact and attack vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Virtual Civil Services (civserv) extension 4.3.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Modern Guestbook / Commenting System (ve_guestbook) extension 2.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| = 3.5, = 4.0 | — | 7.5 HIGH | ||
SQL injection vulnerability in the Frontend MP3 Player (fe_mp3player) 0.2.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in Download system (sb_downloader) extension 0.1.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||
| all versions | — | 7.5 HIGH | ||
Unspecified vulnerability in Frontend Filemanager (air_filemanager) 0.6.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in CoolURI (cooluri) 1.0.11 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in DCD GoogleMap (dcdgooglemap) 1.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in Resource Library (tjs_reslib) 0.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
| all versions | — | 7.5 HIGH | ||
Unspecified vulnerability in nepa-design.de Spam Protection (nd_antispam) extension 1.0.3 for TYPO3 allows remote attackers to modify configuration via unknown vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in Fussballtippspiel (toto) 0.1.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in TIMTAB social bookmark icons (timtab_sociable) 2.0.4 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in Random Prayer (ste_prayer) 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in Diocese of Portsmouth Calendar Today (pd_calendar_today) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in Diocese of Portsmouth Training Courses (pd_trainingcourses) extension 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||
| all versions | — | 4 MEDIUM | ||
Frontend User Registration (sr_feuser_register) extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors. | ||||
| all versions | — | 7.8 HIGH | ||
Directory traversal vulnerability in the wt_gallery extension 2.5.0 and earlier for TYPO3 allows remote attackers to read arbitrary image files and determine directory structure via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the auto BE User Registration (autobeuser) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the FE address edit for tt_address & direct mail (dmaddredit) extension 0.4.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Swigmore institute (cgswigmore) extension before 0.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the HBook (h_book) extension 2.3.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Diocese of Portsmouth Church Search (pd_churchsearch) extension before 0.1.1, and 0.2.10 and earlier 0.2.x versions, an extension for TYPO3, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 0.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension before 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Simple Random Objects (mw_random_objects) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| = 4.1.1, = 4.2.4, = 4.1, = 4.2, = 4.2.5, = 4.1.8, = 4.1.6, = 4.0.10, = 4.0.5, = 4.0.3, = 4.0.4, = 4.1.9, = 4.0.6, = 4.1.2, = 4.1.3, = 4.2.1, = 4.0.1, = 4.0.2, = 4.0.9, = 4.1.7, = 4.0, = 4.0.7, = 4.0.8, = 4.1.4, = 4.1.5, = 4.2.2, = 4.2.3, = 4.0.11 | — | 4.3 MEDIUM | ||
Multiple cross-site scripting (XSS) vulnerabilities in the backend user interface in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields. | ||||
| = 4.3, = 3.5.x, = 4.2.4, = 4.1, = 4.2, = 4.2.5, = 4.1.8, = 4.1.6, = 4.2.0, = 4.1.4, = 4.1.5, = 4.1.7, = 3.6.x, = 3.8.x, = 4.0, = 4.2.3, = 3.7.x, = 4.1.0, = 4.1.3, = 4.2.2, = 3.3.x, = 4.1.2, = 4.1.9, = 4.2.1 | — | 5 MEDIUM | ||
The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the TU-Clausthal ODIN (tuc_odin) extension 0.0.1, 0.1.0, 0.1.1, and 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Vox populi (mv_vox_populi) extension 0.3.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the WEBERkommunal Facilities (wes_facilities) extension 2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the SB Universal Plugin (SBuniplug) extension 2.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the DR Wiki (dr_wiki) extension 1.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the TU-Clausthal Staff (tuc_staff) 0.3.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 5 MEDIUM | ||
Unspecified vulnerability in the TYPO3 Simple File Browser (simplefilebrowser) extension 1.0.2 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors. | ||||
| all versions | — | 7.5 HIGH | ||
Multiple SQL injection vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Multiple cross-site scripting (XSS) vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-3029. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the freeCap CAPTCHA (sr_freecap) extension before 1.0.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| = 4.1.1, = 4.1.0, = 4.1.6, = 4.2.0, = 4.0.5, = 4.0.3, = 4.2.3, = 4.1.4, = 4.0.4, = 4.2.1, = 4.2.2, = 4.0.2, = 4.1.7, = 4.0, = 4.0.1, = 4.0.8, = 4.0.9, = 4.1.5, = 4.0.6, = 4.0.7, = 4.1.2, = 4.1.3 | — | 10 HIGH | ||
The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer. | ||||
| = 4.1.1, = 4.1.0, = 4.1.6, = 4.2.0, = 4.0.5, = 4.0.3, = 4.2.3, = 4.1.4, = 4.0.4, = 4.2.1, = 4.2.2, = 4.0.2, = 4.1.7, = 4.0, = 4.0.1, = 4.0.8, = 4.0.9, = 4.1.5, = 4.0.6, = 4.0.7, = 4.1.2, = 4.1.3 | — | 4.3 MEDIUM | ||
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module. | ||||
| = 4.1.1, = 4.1.0, = 4.1.6, = 4.2.0, = 4.0.5, = 4.0.3, = 4.2.3, = 4.1.4, = 4.0.4, = 4.2.1, = 4.2.2, = 4.0.2, = 4.1.7, = 4.0, = 4.0.1, = 4.0.8, = 4.0.9, = 4.1.5, = 4.0.6, = 4.0.7, = 4.1.2, = 4.1.3 | — | 7.5 HIGH | ||
Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication. | ||||
| = 4.1.1, = 4.1.0, = 4.1.6, = 4.2.0, = 4.0.5, = 4.0.3, = 4.2.3, = 4.1.4, = 4.0.4, = 4.2.1, = 4.2.2, = 4.0.2, = 4.1.7, = 4.0, = 4.0.1, = 4.0.8, = 4.0.9, = 4.1.5, = 4.0.6, = 4.0.7, = 4.1.2, = 4.1.3, >= 4.0, < 4.0.10, >= 4.1.0, < 4.1.8, >= 4.2.0, < 4.2.4 | 7.5 HIGH | 5 MEDIUM | ||
The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Wir ber uns (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the CMS Poll system (cms_poll) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the advCalendar extension 0.3.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| = 4.2.0, = 4.2.1, = 4.2.2 | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the frontend plugin for the felogin system extension in TYPO3 4.2.0, 4.2.1 and 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
| = 4.2.2 | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the file backend module in TYPO3 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Commerce extension 0.9.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 5 MEDIUM | ||
Unspecified vulnerability in the TYPO3 File List (file_list) extension 0.2.1 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in TYPO3 Another Backend Login (wrg_anotherbelogin) extension before 0.0.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in the Page Improvements (sm_pageimprovements) 1.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the M1 Intern (m1_intern) 1.0.0 extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Mannschaftsliste (kiddog_playerlist) 1.0.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the JobControl (dmmjobcontrol) 1.15.4 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Econda Plugin (econda) 0.0.2 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Frontend Users View (feusersview) 0.1.6 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| all versions | — | 7.5 HIGH | ||
SQL injection vulnerability in the Simple survey (simplesurvey) 1.7.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| = 4.1.1, = 4.1, = 4.2, = 4.1.6, = 4.0.5, = 4.0.3, = 4.1.4, = 4.0.4, = 4.0.1, = 4.0.2, = 4.1.2, = 4.1.3, = 4.0.6, = 4.1.5, = 4.0, = 4.0.7, = 4.0.8 | — | 4.3 MEDIUM | ||
Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, as used in extensions such as (1) direct_mail_subscription, (2) feuser_admin, and (3) kb_md5fepw, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| = 4.1.1, = 4.1, = 4.2, = 4.1.6, = 4.0.5, = 4.0.3, = 4.1.4, = 4.0.4, = 4.0.1, = 4.0.2, = 4.1.2, = 4.1.3, = 4.0.6, = 4.1.5, = 4.0.7, = 4.0.8, = 4.0 | — | 6.5 MEDIUM | ||
TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions. | ||||
| = 4.1.1, = 4.1, = 4.0.5, = 4.0.3, = 3.7.1, = 3.8.1, = 4.0.4, = 4.0.1, all versions, = 4.0.2, = 4.1.2, = 3.0, = 3.7.0, = 4.1.3, = 3.8, = 4.0.6, = 4.0, = 4.0.7 | — | 6.5 MEDIUM | ||
SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| <= 4.0.4, <= 4.1 | — | 7.5 HIGH | ||
The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. NOTE: some details were obtained from third party information. | ||||
| = 4.0.3, = 4.0.1, = 4.0.2, = 4.0, = 3.7.0, = 3.8 | — | 7.5 HIGH | ||
rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector. | ||||
| <= 4.0.1, = 4.0 | — | 2.6 LOW | ||
Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php in the Indexed Search 2.9.0 extension for Typo3 before 4.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. | ||||
| = 3.7.1, = 3.8.1 | — | 5 MEDIUM | ||
TYPO3 3.7.1 allows remote attackers to obtain sensitive information via a direct request to (1) thumbs.php, (2) showpic.php, or (3) tables.php, which causes them to incorrectly define a variable and reveal the path in an error message when a require function call fails. | ||||
| = 1.1, = 3.7.0, <= 3.8.0 | — | 7.5 HIGH | ||
TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables. | ||||