1. Home
  2. Packages
  3. composer
  4. typo3
  5. cms

pkg:composer/typo3/cms

Type composer
Namespace typo3
Name cms

Known advisories, vulnerabilities and fixes for cms package.

Repository
https://packagist.org/packages/typo3/cms
Critical 1
High 22
Medium 36
Low 4
None 73
Type Version Distribution # CVEs # Advisory ID Title Severity Published
Affected >= 6.2.0, < 6.2.6 CVE-2013-4701
composer PHP:TYPO3-CMS-2013-4701 Denial of Service in OpenID System Extension high 2014-10-22T09:14:28
(10 years ago)
Affected >= 6.2.0, < 6.2.14 >= 7.1.0, < 7.2.0 >= 7.2.0, < 7.3.0 >= 7.3.0, < 7.3.1 >= 7.0.0, < 7.1.0 CVE-2013-7341
composer PHP:TYPO3-CMS-2013-7341 Cross-Site Scripting in 3rd party library Flowplayer medium 2015-07-01T14:23:00
(9 years ago)
Affected >= 6.2.0, < 6.2.3 composer PHP:TYPO3-CMS-2014-05-22-1 The ExtJS JavaScript framework that is shipped with TYPO3 is susceptible to XSS 2014-05-22T07:34:03
(10 years ago)
Affected >= 6.2.0, < 6.2.6 composer PHP:TYPO3-CMS-2014-10-22-2 Arbitrary Shell Execution in Swiftmailer library 2014-10-22T09:14:25
(10 years ago)
Affected >= 7.0.0, < 7.0.2 >= 6.2.0, < 6.2.9 composer PHP:TYPO3-CMS-2014-12-09-2 Possible cache poisining on the homepage when anchors are used 2014-12-10T10:08:02
(9 years ago)
Affected >= 6.2.0, < 6.2.3 CVE-2014-3941
composer PHP:TYPO3-CMS-2014-3941 Possible Host Spoofing through SERVER_NAME medium 2014-05-22T09:34:08
(10 years ago)
Affected >= 6.2.0, < 6.2.3 CVE-2014-3943
composer PHP:TYPO3-CMS-2014-3943 Failing to properly encode user input, several backend components are susceptible to XSS low 2014-05-22T09:34:03
(10 years ago)
Affected >= 6.2.0, < 6.2.3 CVE-2014-3944
composer PHP:TYPO3-CMS-2014-3944 Improper Session Invalidation medium 2014-05-22T09:33:36
(10 years ago)
Affected >= 6.2.0, < 6.2.3 CVE-2014-3946
composer PHP:TYPO3-CMS-2014-3946 Information disclosure in the Extbase framework medium 2014-05-22T09:33:36
(10 years ago)
Affected >= 6.2.0, < 6.2.9 >= 7.0.0, < 7.0.2 CVE-2014-9508
composer PHP:TYPO3-CMS-2014-9508 Possible link spoofing on the homepage when anchors are used medium 2014-12-10T10:07:58
(9 years ago)
Affected >= 7.1.0, < 7.2.0 >= 6.2.0, < 6.2.14 >= 7.0.0, < 7.1.0 >= 7.2.0, < 7.3.0 >= 7.3.0, < 7.3.1 composer PHP:TYPO3-CMS-2015-07-01-1 Access bypass when editing file metadata 2015-07-01T14:16:00
(9 years ago)
Affected >= 7.2.0, < 7.3.0 >= 7.3.0, < 7.3.1 >= 7.0.0, < 7.1.0 >= 6.2.0, < 6.2.14 >= 7.1.0, < 7.2.0 composer PHP:TYPO3-CMS-2015-07-01-2 Frontend login Session Fixation 2015-07-01T14:16:00
(9 years ago)
Affected >= 6.2.0, < 6.2.14 >= 7.1.0, < 7.2.0 >= 7.3.0, < 7.3.1 >= 7.2.0, < 7.3.0 >= 7.0.0, < 7.1.0 composer PHP:TYPO3-CMS-2015-07-01-3 Cross-Site Scripting exploitable by Editors 2015-07-01T14:20:00
(9 years ago)
Affected >= 7.0.0, < 7.1.0 >= 7.3.0, < 7.3.1 >= 7.2.0, < 7.3.0 >= 7.1.0, < 7.2.0 >= 6.2.0, < 6.2.14 composer PHP:TYPO3-CMS-2015-07-01-4 Information Disclosure possibility exploitable by Editors 2015-07-01T14:16:00
(9 years ago)
Affected >= 7.0.0, < 7.1.0 >= 7.2.0, < 7.3.0 >= 7.3.0, < 7.3.1 >= 7.1.0, < 7.2.0 >= 6.2.0, < 6.2.14 composer PHP:TYPO3-CMS-2015-07-01-5 Brute Force Protection Bypass in backend login 2015-07-01T14:16:00
(9 years ago)
Affected >= 7.3.0, < 7.4.0 >= 7.2.0, < 7.3.0 >= 7.0.0, < 7.1.0 >= 6.2.0, < 6.2.15 >= 7.1.0, < 7.2.0 composer PHP:TYPO3-CMS-2015-09-08-1 Frontend: Unauthenticated Path Disclosure 2015-09-08T10:57:00
(9 years ago)
Affected >= 7.6.0, < 7.6.1 >= 7.5.0, < 7.6.0 >= 6.2.0, < 6.2.16 >= 7.1.0, < 7.2.0 >= 7.4.0, < 7.5.0 >= 7.2.0, < 7.3.0 >= 7.3.0, < 7.4.0 >= 7.0.0, < 7.1.0 composer PHP:TYPO3-CMS-2015-12-15-1 Multiple Cross-Site Scripting vulnerabilities in TYPO3 backend 2015-12-15T11:38:00
(8 years ago)
Affected >= 7.1.0, < 7.2.0 >= 6.2.0, < 6.2.16 >= 7.5.0, < 7.6.0 >= 7.0.0, < 7.1.0 >= 7.3.0, < 7.4.0 >= 7.4.0, < 7.5.0 >= 7.2.0, < 7.3.0 >= 7.6.0, < 7.6.1 composer PHP:TYPO3-CMS-2015-12-15-2 Cross-Site Scripting vulnerability in typolinks 2015-12-15T11:38:00
(8 years ago)
Affected >= 7.4.0, < 7.5.0 >= 7.2.0, < 7.3.0 >= 7.3.0, < 7.4.0 >= 7.0.0, < 7.1.0 >= 6.2.0, < 6.2.16 >= 7.5.0, < 7.6.0 >= 7.1.0, < 7.2.0 >= 7.6.0, < 7.6.1 composer PHP:TYPO3-CMS-2015-12-15-3 Multiple Cross-Site Scripting vulnerabilities in frontend 2015-12-15T11:38:00
(8 years ago)
Affected >= 6.2.0, < 6.2.16 composer PHP:TYPO3-CMS-2015-12-15-4 TYPO3 is susceptible to Cross-Site Flashing 2015-12-15T11:38:00
(8 years ago)
Affected >= 6.2.0, < 6.2.16 composer PHP:TYPO3-CMS-2015-12-15-5 Cross-Site Scripting in TYPO3 component Indexed Search 2015-12-15T11:38:00
(8 years ago)
Affected >= 6.2.0, < 6.2.15 >= 7.1.0, < 7.2.0 >= 7.2.0, < 7.3.0 >= 7.3.0, < 7.4.0 >= 7.0.0, < 7.1.0 CVE-2015-5956
composer PHP:TYPO3-CMS-2015-5956 Backend: Non-Persistent Cross-Site Scripting low 2015-09-08T10:59:00
(9 years ago)
Affected >= 6.2.0, < 6.2.18 composer PHP:TYPO3-CMS-2016-02-16-1 SQL Injection in dbal 2016-02-16T12:32:00
(8 years ago)
Affected >= 7.6.0, < 7.6.3 >= 6.2.0, < 6.2.18 composer PHP:TYPO3-CMS-2016-02-16-2 Cross-Site Scripting in link validator component 2016-02-16T12:32:00
(8 years ago)
Affected >= 6.2.0, < 6.2.18 composer PHP:TYPO3-CMS-2016-02-16-3 Cross-Site Scripting in legacy form component 2016-02-16T12:32:00
(8 years ago)
Affected >= 6.2.0, < 6.2.18 composer PHP:TYPO3-CMS-2016-02-16-4 Cross-Site Scripting in form component 2016-02-16T12:32:00
(8 years ago)
Affected >= 6.2.0, < 6.2.19 >= 7.6.0, < 7.6.4 composer PHP:TYPO3-CMS-2016-02-23-1 XML External Entity (XXE) Processing in TYPO3 Core 2016-02-23T12:28:00
(8 years ago)
Affected >= 6.2.0, < 6.2.19 composer PHP:TYPO3-CMS-2016-02-23-2 Cross-Site Scripting in TYPO3 component Backend 2016-02-23T12:28:00
(8 years ago)
Affected >= 6.2.0, < 6.2.19 >= 7.6.0, < 7.6.4 composer PHP:TYPO3-CMS-2016-02-23-3 Cross-Site Scripting in TYPO3 component CSS styled content 2016-02-23T12:28:00
(8 years ago)
Affected >= 6.2.0, < 6.2.19 >= 7.6.0, < 7.6.4 composer PHP:TYPO3-CMS-2016-02-23-4 Denial of Service attack possibility in TYPO3 component Indexed Search 2016-02-23T12:28:00
(8 years ago)
Affected >= 7.6.0, < 7.6.5 >= 8.0.0, < 8.0.1 >= 6.2.0, < 6.2.20 composer PHP:TYPO3-CMS-2016-04-12-1 Cross-Site Scripting in TYPO3 Backend 2016-04-12T12:07:00
(8 years ago)
Affected >= 6.2.0, < 6.2.20 composer PHP:TYPO3-CMS-2016-04-12-2 Arbitrary File Disclosure in Form Component 2016-04-12T12:07:00
(8 years ago)
Affected >= 6.2.0, < 6.2.20 >= 7.6.0, < 7.6.5 >= 8.0.0, < 8.0.1 composer PHP:TYPO3-CMS-2016-04-12-3 Authentication Bypass in TYPO3 CMS 2016-04-12T12:07:00
(8 years ago)
Affected >= 7.6.0, < 7.6.5 >= 8.0.0, < 8.0.1 >= 6.2.0, < 6.2.20 composer PHP:TYPO3-CMS-2016-04-12-4 Privilege Escalation in TYPO3 CMS 2016-04-12T12:07:00
(8 years ago)
Affected >= 6.2.0, < 6.2.25 >= 8.1.0, < 8.1.1 >= 8.0.0, < 8.1.1 >= 7.6.0, < 7.6.8 composer PHP:TYPO3-CMS-2016-05-24-1 Missing Access Check in TYPO3 CMS 2016-05-24T10:39:00
(8 years ago)
Affected >= 8.2.0, < 8.2.1 >= 6.2.0, < 6.2.26 >= 8.1.0, < 8.2.0 >= 8.0.0, < 8.1.0 >= 7.6.0, < 7.6.10 composer PHP:TYPO3-CMS-2016-07-19-1 Cross-Site Scripting in TYPO3 Backend 2016-07-19T13:03:00
(8 years ago)
Affected >= 8.0.0, < 8.1.0 >= 7.6.0, < 7.6.10 >= 8.2.0, < 8.2.1 >= 6.2.0, < 6.2.26 >= 8.1.0, < 8.2.0 composer PHP:TYPO3-CMS-2016-07-19-2 Insecure Unserialize in TYPO3 Import/Export 2016-07-19T13:03:00
(8 years ago)
Affected >= 6.2.0, < 6.2.26 >= 7.6.0, < 7.6.10 composer PHP:TYPO3-CMS-2016-07-19-3 SQL Injection in TYPO3 Frontend Login 2016-07-19T13:03:00
(8 years ago)
Affected >= 6.2.0, < 6.2.26 >= 8.1.0, < 8.2.0 >= 8.2.0, < 8.2.1 >= 8.0.0, < 8.1.0 >= 7.6.0, < 7.6.10 composer PHP:TYPO3-CMS-2016-07-19-4 Information Disclosure in TYPO3 Backend 2016-07-19T13:03:00
(8 years ago)
Affected >= 8.0.0, < 8.1.0 >= 7.6.0, < 7.6.10 >= 8.2.0, < 8.2.1 >= 8.1.0, < 8.2.0 >= 6.2.0, < 6.2.26 composer PHP:TYPO3-CMS-2016-07-19-5 Cross-Site Scripting vulnerability in typolinks 2016-07-19T13:03:00
(8 years ago)
Affected >= 7.6.0, < 7.6.10 >= 8.0.0, < 8.1.0 >= 8.2.0, < 8.2.1 >= 8.1.0, < 8.2.0 composer PHP:TYPO3-CMS-2016-07-19-7 Cross-Site Scripting in third party library mso/idna-convert 2016-07-19T13:03:00
(8 years ago)
Affected >= 8.1.0, < 8.2.0 >= 6.2.0, < 6.2.27 >= 8.2.0, < 8.3.0 >= 8.3.0, < 8.3.1 >= 7.6.0, < 7.6.11 >= 8.0.0, < 8.1.0 composer PHP:TYPO3-CMS-2016-09-14-1 Cross-Site Scripting in TYPO3 Backend 2016-07-13T12:17:00
(8 years ago)
Affected >= 8.3.0, < 8.3.1 >= 6.2.0, < 6.2.27 >= 8.1.0, < 8.2.0 >= 8.2.0, < 8.3.0 >= 8.0.0, < 8.1.0 >= 7.6.0, < 7.6.11 composer PHP:TYPO3-CMS-2016-09-14-2 Cache Flooding in TYPO3 Frontend 2016-07-13T12:17:00
(8 years ago)
Affected >= 7.6.0, < 7.6.13 >= 8.0.0, < 8.1.0 >= 8.2.0, < 8.3.0 >= 8.1.0, < 8.2.0 >= 6.2.0, < 6.2.29 >= 8.3.0, < 8.4.0 >= 8.4.0, < 8.4.1 composer PHP:TYPO3-CMS-2016-11-22-1 Insecure Unserialize in TYPO3 Backend 2016-11-22T10:09:00
(7 years ago)
Affected >= 8.0.0, < 8.1.0 >= 7.6.0, < 7.6.13 >= 8.3.0, < 8.4.0 >= 8.4.0, < 8.4.1 >= 8.2.0, < 8.3.0 >= 6.2.0, < 6.2.29 >= 8.1.0, < 8.2.0 composer PHP:TYPO3-CMS-2016-11-22-2 Path Traversal in TYPO3 Core 2016-11-22T10:09:00
(7 years ago)
Affected >= 8.0.0, < 8.1.0 >= 8.2.0, < 8.2.1 >= 8.1.0, < 8.2.0 CVE-2016-5385
composer PHP:TYPO3-CMS-2016-5385 Environment Variable Injection high 2016-07-19T13:03:00
(8 years ago)
Affected >= 7.6.0, < 7.6.15 >= 8.0.0, < 8.1.0 >= 8.3.0, < 8.4.0 >= 8.2.0, < 8.3.0 >= 8.5.0, < 8.5.1 >= 8.4.0, < 8.5.0 >= 8.1.0, < 8.2.0 >= 6.2.0, < 6.2.30 composer PHP:TYPO3-CMS-2017-01-03-1 Remote Code Execution in third party library swiftmailer 2017-01-03T13:29:00
(7 years ago)
Affected >= 8.6.0, < 8.6.1 >= 8.4.0, < 8.5.0 >= 8.3.0, < 8.4.0 >= 8.5.0, < 8.6.0 >= 8.2.0, < 8.3.0 composer PHP:TYPO3-CMS-2017-02-28-1 Authentication Bypass in TYPO3 Frontend 2017-02-28T10:23:00
(7 years ago)
Affected >= 8.1.0, < 8.2.0 >= 8.4.0, < 8.5.0 >= 8.5.0, < 8.6.0 >= 8.2.0, < 8.3.0 >= 8.6.0, < 8.6.1 >= 8.3.0, < 8.4.0 >= 7.6.0, < 7.6.16 >= 8.0.0, < 8.1.0 composer PHP:TYPO3-CMS-2017-02-28-2 Cross-Site Scripting in TYPO3 CMS 2017-02-28T10:23:00
(7 years ago)
Affected >= 8.5.0, < 8.6.0 >= 8.4.0, < 8.5.0 >= 8.1.0, < 8.2.0 >= 8.3.0, < 8.4.0 >= 8.6.0, < 8.7.0 >= 8.2.0, < 8.3.0 >= 8.7.0, < 8.7.5 >= 8.0.0, < 8.1.0 composer PHP:TYPO3-CMS-2017-09-05-1 Cross-Site Scripting in TYPO3 CMS Backend 2017-09-05T11:37:00
(7 years ago)
Affected >= 8.5.0, < 8.6.0 >= 8.4.0, < 8.5.0 >= 8.1.0, < 8.2.0 >= 8.0.0, < 8.1.0 >= 7.6.0, < 7.6.22 >= 8.3.0, < 8.4.0 >= 8.6.0, < 8.7.0 >= 8.2.0, < 8.3.0 >= 8.7.0, < 8.7.5 composer PHP:TYPO3-CMS-2017-09-05-2 Information Disclosure in TYPO3 CMS 2017-09-05T11:37:00
(7 years ago)
Affected >= 8.7.0, < 8.7.5 >= 8.2.0, < 8.3.0 >= 8.3.0, < 8.4.0 >= 8.6.0, < 8.7.0 >= 8.0.0, < 8.1.0 >= 7.6.0, < 7.6.22 >= 8.1.0, < 8.2.0 >= 8.5.0, < 8.6.0 >= 8.4.0, < 8.5.0 composer PHP:TYPO3-CMS-2017-09-05-3 Information Disclosure in TYPO3 CMS 2017-09-05T11:37:00
(7 years ago)
Affected >= 8.3.0, < 8.4.0 >= 8.6.0, < 8.7.0 >= 8.7.0, < 8.7.5 >= 8.2.0, < 8.3.0 >= 7.6.0, < 7.6.22 >= 8.0.0, < 8.1.0 >= 8.5.0, < 8.6.0 >= 8.4.0, < 8.5.0 >= 8.1.0, < 8.2.0 composer PHP:TYPO3-CMS-2017-09-05-4 Arbitrary Code Execution in TYPO3 CMS 2017-09-05T11:37:00
(7 years ago)
Affected >= 7.0.0, < 7.6.30 >= 9.0.0, < 9.3.2 >= 8.0.0, < 8.7.17 composer PHP:TYPO3-CMS-2018-07-12-1 Authentication Bypass in TYPO3 CMS 2018-07-12T09:34:56
(6 years ago)
Affected >= 8.0.0, < 8.7.17 >= 7.0.0, < 7.6.30 >= 9.0.0, < 9.3.2 composer PHP:TYPO3-CMS-2018-07-12-2 Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS 2018-07-12T09:34:56
(6 years ago)
Affected >= 9.0.0, < 9.3.2 >= 8.5.0, < 8.7.17 composer PHP:TYPO3-CMS-2018-07-12-3 Privilege Escalation & SQL Injection in TYPO3 CMS 2018-07-12T09:34:56
(6 years ago)
Affected >= 9.0.0, < 9.3.2 >= 8.5.0, < 8.7.17 composer PHP:TYPO3-CMS-2018-07-12-4 Insecure Deserialization in TYPO3 CMS 2018-07-12T09:34:56
(6 years ago)
Affected >= 8.0.0, < 8.7.21 >= 9.0.0, < 9.5.2 >= 7.0.0, < 7.6.32 composer PHP:TYPO3-CMS-2018-12-11-1 Cross-Site Scripting in Online Media Asset Rendering 2018-12-11T09:56:06
(5 years ago)
Affected >= 7.0.0, < 7.6.32 >= 9.0.0, < 9.5.2 >= 8.0.0, < 8.7.21 composer PHP:TYPO3-CMS-2018-12-11-2 Cross-Site Scripting in Backend Modal Component 2018-12-11T09:55:12
(5 years ago)
Affected >= 8.0.0, < 8.7.21 >= 9.0.0, < 9.5.2 >= 7.0.0, < 7.6.32 composer PHP:TYPO3-CMS-2018-12-11-3 Cross-Site Scripting in Frontend User Login 2018-12-11T09:56:19
(5 years ago)
Affected >= 9.0.0, < 9.5.2 >= 7.0.0, < 7.6.32 >= 8.0.0, < 8.7.21 composer PHP:TYPO3-CMS-2018-12-11-4 Security Misconfiguration in Install Tool Cookie 2018-12-11T09:57:20
(5 years ago)
Affected >= 8.0.0, < 8.7.21 >= 9.0.0, < 9.5.2 >= 7.0.0, < 7.6.32 composer PHP:TYPO3-CMS-2018-12-11-5 Information Disclosure in Install Tool 2018-12-11T09:56:32
(5 years ago)
Affected >= 8.0.0, < 8.7.21 >= 7.0.0, < 7.6.32 >= 9.0.0, < 9.5.2 composer PHP:TYPO3-CMS-2018-12-11-6 Denial of Service in Online Media Asset Handling 2018-12-11T09:56:38
(5 years ago)
Affected >= 8.0.0, < 8.7.21 >= 7.0.0, < 7.6.32 composer PHP:TYPO3-CMS-2018-12-11-7 Denial of Service in Frontend Record Registration 2018-12-11T09:56:45
(5 years ago)
Affected >= 8.0.0, < 8.7.23 >= 9.0.0, < 9.5.4 CVE-2018-14041
composer PHP:TYPO3-CMS-2018-14041 Cross-Site Scripting in Bootstrap CSS toolkit medium 2019-01-22T08:41:33
(5 years ago)
Affected >= 9.0.0, < 9.5.2 >= 8.0.0, < 8.7.21 CVE-2018-17960
composer PHP:TYPO3-CMS-2018-17960 Cross-Site Scripting in CKEditor medium 2018-12-11T09:56:53
(5 years ago)
Affected >= 8.0.0, < 8.7.23 >= 9.0.0, < 9.5.4 composer PHP:TYPO3-CMS-2019-01-22-1 Information Disclosure of Installed Extensions 2019-01-22T08:41:04
(5 years ago)
Affected >= 8.0.0, < 8.7.23 >= 9.0.0, < 9.5.4 composer PHP:TYPO3-CMS-2019-01-22-2 Security Misconfiguration for Backend User Accounts 2019-01-22T08:41:12
(5 years ago)
Affected >= 8.0.0, < 8.7.23 composer PHP:TYPO3-CMS-2019-01-22-3 Broken Access Control in Localization Handling 2019-01-22T08:41:19
(5 years ago)
Affected >= 9.0.0, < 9.5.4 >= 8.0.0, < 8.7.23 composer PHP:TYPO3-CMS-2019-01-22-4 Cross-Site Scripting in Fluid ViewHelpers 2019-01-22T08:42:16
(5 years ago)
Affected >= 9.0.0, < 9.5.4 >= 8.0.0, < 8.7.23 composer PHP:TYPO3-CMS-2019-01-22-6 Cross-Site Scripting in Form Framework 2019-01-22T08:42:34
(5 years ago)
Affected >= 8.0.0, < 8.7.23 >= 9.0.0, < 9.5.4 composer PHP:TYPO3-CMS-2019-01-22-7 Arbitrary Code Execution via File List Module 2019-01-22T08:41:47
(5 years ago)
Affected >= 9.0.0, < 9.5.4 composer PHP:TYPO3-CMS-2019-01-22-8 Cross-Site Scripting in Language Pack Handling 2019-01-22T08:42:09
(5 years ago)
Affected >= 9.0.0, < 9.5.6 >= 8.0.0, < 8.7.25 composer PHP:TYPO3-CMS-2019-05-07-2 Security Misconfiguration in User Session Handling 2019-05-07T09:43:18
(5 years ago)
Affected >= 9.0.0, < 9.5.6 composer PHP:TYPO3-CMS-2019-05-07-4 Information Disclosure in Page Tree 2019-05-07T09:42:43
(5 years ago)
Affected >= 9.0.0, < 9.5.6 composer PHP:TYPO3-CMS-2019-05-07-5 Information Disclosure in User Authentication 2019-05-07T09:43:01
(5 years ago)
Affected >= 8.0.0, < 8.7.27 >= 9.0.0, < 9.5.8 composer PHP:TYPO3-CMS-2019-06-25-1 Information Disclosure in Backend User Interface 2019-06-25T06:38:40
(5 years ago)
Affected >= 9.0.0, < 9.5.8 >= 8.0.0, < 8.7.27 composer PHP:TYPO3-CMS-2019-06-25-3 Security Misconfiguration in Frontend Session Handling 2019-06-25T06:40:30
(5 years ago)
Affected >= 8.0.0, < 8.7.27 >= 9.0.0, < 9.5.8 composer PHP:TYPO3-CMS-2019-06-25-4 Arbitrary Code Execution and Cross-Site Scripting in Backend API 2019-06-25T06:39:18
(5 years ago)
Affected >= 9.0.0, < 9.5.8 composer PHP:TYPO3-CMS-2019-06-25-7 Broken Access Control in Import Module 2019-06-25T06:40:18
(5 years ago)
Affected >= 9.0.0, < 9.5.8 CVE-2019-10912
composer PHP:TYPO3-CMS-2019-10912 Possible deserialization side-effects in symfony/cache high 2019-06-25T06:40:06
(5 years ago)
Affected >= 8.0.0, < 8.7.25 >= 9.0.0, < 9.5.6 CVE-2019-11832
composer PHP:TYPO3-CMS-2019-11832 Possible Arbitrary Code Execution in Image Processing high 2019-05-07T09:42:26
(5 years ago)
Affected >= 9.0.0, < 9.5.12 >= 10.0.0, < 10.2.1 >= 8.0.0, < 8.7.30 composer PHP:TYPO3-CMS-2019-12-17-1 Cross-Site Scripting in Form Framework validation handling 2019-12-17T09:51:24
(4 years ago)
Affected >= 9.0.0, < 9.5.12 >= 10.0.0, < 10.2.1 >= 8.0.0, < 8.7.30 composer PHP:TYPO3-CMS-2019-12-17-2 Cross-Site Scripting in Link Handling 2019-12-17T09:51:32
(4 years ago)
Affected >= 8.0.0, < 8.7.30 >= 10.0.0, < 10.2.1 >= 9.0.0, < 9.5.12 composer PHP:TYPO3-CMS-2019-12-17-3 Cross-Site Scripting in Filelist Module 2019-12-17T09:50:39
(4 years ago)
Affected >= 9.0.0, < 9.5.12 >= 8.0.0, < 8.7.30 composer PHP:TYPO3-CMS-2019-12-17-7 Possible Insecure Deserialization in Extbase Request Handling 2019-12-17T09:51:18
(4 years ago)
Affected >= 8.0.0, < 8.7.27 >= 9.0.0, < 9.5.8 CVE-2019-12747
composer PHP:TYPO3-CMS-2019-12747 Insecure Deserialization in TYPO3 CMS high 2019-06-25T06:39:30
(5 years ago)
Affected >= 8.0.0, < 8.7.27 >= 9.0.0, < 9.5.8 CVE-2019-12748
composer PHP:TYPO3-CMS-2019-12748 Cross-Site Scripting in Link Handling medium 2019-06-25T06:38:52
(5 years ago)
Affected >= 9.0.0, < 9.5.12 >= 8.0.0, < 8.7.30 >= 10.0.0, < 10.2.1 CVE-2019-19848
composer PHP:TYPO3-CMS-2019-19848 Directory Traversal on ZIP extraction high 2019-12-17T09:51:45
(4 years ago)
Affected >= 8.0.0, < 8.7.30 >= 10.0.0, < 10.2.1 >= 9.0.0, < 9.5.12 CVE-2019-19849
composer PHP:TYPO3-CMS-2019-19849 Insecure Deserialization in Query Generator &amp; Query View high 2019-12-17T09:51:12
(4 years ago)
Affected >= 10.0.0, < 10.2.1 >= 8.0.0, < 8.7.30 >= 9.0.0, < 9.5.12 CVE-2019-19850
composer PHP:TYPO3-CMS-2019-19850 SQL Injection in low-level Query Generator high 2019-12-17T09:52:30
(4 years ago)
Affected >= 10.0.0, < 10.4.2 CVE-2020-11063
composer PHP:TYPO3-CMS-2020-11063 TYPO3-CORE-SA-2020-001: Information Disclosure in Password Reset low 2020-05-12T09:21:43
(4 years ago)
Affected >= 9.0.0, < 9.5.17 >= 10.0.0, < 10.4.2 CVE-2020-11064
composer PHP:TYPO3-CMS-2020-11064 TYPO3-CORE-SA-2020-002: Cross-Site Scripting in Form Engine medium 2020-05-12T09:21:07
(4 years ago)
Affected >= 10.0.0, < 10.4.2 >= 9.0.0, < 9.5.17 CVE-2020-11065
composer PHP:TYPO3-CMS-2020-11065 TYPO3-CORE-SA-2020-003: Cross-Site Scripting in Link Handling medium 2020-05-12T09:21:59
(4 years ago)
Affected >= 10.0.0, < 10.4.2 >= 9.0.0, < 9.5.17 CVE-2020-11066
composer PHP:TYPO3-CMS-2020-11066 TYPO3-CORE-SA-2020-004: Class destructors causing side-effects when being unserialized critical 2020-05-12T09:22:06
(4 years ago)
Affected >= 10.0.0, < 10.4.2 >= 9.0.0, < 9.5.17 CVE-2020-11067
composer PHP:TYPO3-CMS-2020-11067 TYPO3-CORE-SA-2020-005: Insecure Deserialization in Backend User Settings high 2020-05-12T09:22:12
(4 years ago)
Affected >= 10.0.0, < 10.4.2 >= 9.0.0, < 9.5.17 CVE-2020-11069
composer PHP:TYPO3-CMS-2020-11069 TYPO3-CORE-SA-2020-006: Same-Site Request Forgery to Backend User Interface high 2020-05-12T09:22:19
(4 years ago)
Affected >= 10.0.0, < 10.4.6 >= 9.0.0, < 9.5.20 CVE-2020-15098
composer PHP:TYPO3-CMS-2020-15098 TYPO3-CORE-SA-2020-008: Sensitive Information Disclosure high 2020-07-28T08:19:06
(4 years ago)
Affected >= 9.0.0, < 9.5.20 >= 10.0.0, < 10.4.6 CVE-2020-15099
composer PHP:TYPO3-CMS-2020-15099 TYPO3-CORE-SA-2020-007: Potential Privilege Escalation high 2020-07-28T08:18:30
(4 years ago)
Affected >= 9.0.0, < 9.5.6 >= 8.0.0, < 8.7.25 CVE-2020-15241
composer PHP:TYPO3-CMS-2020-15241 Cross-Site Scripting in Fluid Engine medium 2019-05-07T09:33:52
(5 years ago)
Affected >= 8.7.0, < 8.7.38 >= 10.0.0, < 10.4.10 >= 9.0.0, < 9.5.23 CVE-2020-26227
composer PHP:TYPO3-CMS-2020-26227 TYPO3-CORE-SA-2020-010: Cross-Site Scripting in Fluid view helpers medium 2020-11-17T08:55:33
(3 years ago)
Affected >= 10.0.0, < 10.4.10 >= 8.7.0, < 8.7.38 >= 9.0.0, < 9.5.23 CVE-2020-26228
composer PHP:TYPO3-CMS-2020-26228 TYPO3-CORE-SA-2020-011: Cleartext storage of session identifier high 2020-11-17T08:51:11
(3 years ago)
Affected >= 10.0.0, < 10.4.10 CVE-2020-26229
composer PHP:TYPO3-CMS-2020-26229 TYPO3-CORE-SA-2020-012: XML External Entity in Dashboard Widget low 2020-11-17T08:51:21
(3 years ago)
Affected >= 9.0.0, < 9.5.25 >= 10.0.0, < 10.4.14 >= 11.0.0, < 11.1.1 CVE-2021-21338
composer PHP:TYPO3-CMS-2021-21338 TYPO3-CORE-SA-2021-001: Open Redirection in Login Handling medium 2021-03-16T08:57:07
(3 years ago)
Affected >= 11.0.0, < 11.1.1 >= 10.0.0, < 10.4.14 >= 9.0.0, < 9.5.25 CVE-2021-21339
composer PHP:TYPO3-CMS-2021-21339 TYPO3-CORE-SA-2021-006: Cleartext storage of session identifier high 2021-03-16T09:03:23
(3 years ago)
Affected >= 11.0.0, < 11.1.1 >= 10.0.0, < 10.4.14 CVE-2021-21340
composer PHP:TYPO3-CMS-2021-21340 TYPO3-CORE-SA-2021-007: Cross-Site Scripting in Content Preview medium 2021-03-16T09:03:36
(3 years ago)
Affected >= 9.0.0, < 9.5.25 >= 11.0.0, < 11.1.1 >= 10.0.0, < 10.4.14 CVE-2021-21355
composer PHP:TYPO3-CMS-2021-21355 TYPO3-CORE-SA-2021-002: Unrestricted File Upload in Form Framework high 2021-03-16T08:57:27
(3 years ago)
Affected >= 10.0.0, < 10.4.14 >= 11.0.0, < 11.1.1 >= 9.0.0, < 9.5.25 CVE-2021-21357
composer PHP:TYPO3-CMS-2021-21357 TYPO3-CORE-SA-2021-003: Broken Access Control in Form Framework high 2021-03-16T08:59:40
(3 years ago)
Affected >= 11.0.0, < 11.1.1 >= 10.0.0, < 10.4.14 CVE-2021-21358
composer PHP:TYPO3-CMS-2021-21358 TYPO3-CORE-SA-2021-004: Cross-Site Scripting in Form Framework medium 2021-03-16T09:02:46
(3 years ago)
Affected >= 9.0.0, < 9.5.25 >= 10.0.0, < 10.4.14 >= 11.0.0, < 11.1.1 CVE-2021-21359
composer PHP:TYPO3-CMS-2021-21359 TYPO3-CORE-SA-2021-005: Denial of Service in Page Error Handling high 2021-03-16T08:58:04
(3 years ago)
Affected >= 9.0.0, < 9.5.25 >= 11.0.0, < 11.1.1 >= 10.0.0, < 10.4.14 CVE-2021-21370
composer PHP:TYPO3-CMS-2021-21370 TYPO3-CORE-SA-2021-008: Cross-Site Scripting in Content Preview medium 2021-03-16T08:58:42
(3 years ago)
Affected >= 9.0.0, < 9.5.28 >= 11.0.0, < 11.3.1 >= 10.0.0, < 10.4.18 CVE-2021-32667
composer PHP:TYPO3-CMS-2021-32667 TYPO3-CORE-SA-2021-009: Cross-Site Scripting in Page Preview medium 2021-07-20T09:14:15
(3 years ago)
Affected >= 9.0.0, < 9.5.28 >= 10.0.0, < 10.4.18 >= 11.0.0, < 11.3.1 CVE-2021-32668
composer PHP:TYPO3-CMS-2021-32668 TYPO3-CORE-SA-2021-010: Cross-Site Scripting in Query Generator &amp; Query View medium 2021-07-20T09:14:31
(3 years ago)
Affected >= 9.0.0, < 9.5.28 >= 11.0.0, < 11.3.1 >= 10.0.0, < 10.4.18 CVE-2021-32669
composer PHP:TYPO3-CMS-2021-32669 TYPO3-CORE-SA-2021-011: Cross-Site Scripting in Backend Grid View medium 2021-07-20T09:14:46
(3 years ago)
Affected >= 11.0.0, < 11.3.1 >= 10.0.0, < 10.4.18 >= 9.0.0, < 9.5.28 CVE-2021-32767
composer PHP:TYPO3-CMS-2021-32767 TYPO3-CORE-SA-2021-012: Information Disclosure in User Authentication medium 2021-07-20T09:18:25
(3 years ago)
Affected >= 10.0.0, < 10.4.19 >= 11.0.0, < 11.3.2 >= 9.0.0, < 9.5.29 CVE-2021-32768
composer PHP:TYPO3-CMS-2021-32768 TYPO3-CORE-SA-2021-013: Cross-Site Scripting via Rich-Text Content medium 2021-08-10T07:50:53
(3 years ago)
Affected >= 11.2.0, < 11.5.0 CVE-2021-41113
composer PHP:TYPO3-CMS-2021-41113 TYPO3-CORE-SA-2021-014: Cross-Site-Request-Forgery in Backend URI Handling high 2021-10-05T11:02:10
(2 years ago)
Affected >= 11.0.0, < 11.5.0 CVE-2021-41114
composer PHP:TYPO3-CMS-2021-41114 TYPO3-CORE-SA-2021-015: HTTP Host Header Injection in Request Handling medium 2021-10-05T11:02:47
(2 years ago)
Affected >= 10.0.0, < 10.4.33 >= 11.0.0, < 11.5.20 >= 12.0.0, < 12.1.1 CVE-2022-23499
composer PHP:TYPO3-CMS-2022-23499 TYPO3-CORE-SA-2022-017: By-passing Cross-Site Scripting Protection in HTML Sanitizer medium 2022-12-13T09:19:37
(21 months ago)
Affected >= 10.0.0, < 10.4.33 >= 11.0.0, < 11.5.20 CVE-2022-23500
composer PHP:TYPO3-CMS-2022-23500 TYPO3-CORE-SA-2022-012: Denial of Service in Page Error Handling high 2022-12-13T09:18:48
(21 months ago)
Affected >= 11.0.0, < 11.5.20 >= 10.0.0, < 10.4.33 >= 12.0.0, < 12.1.1 CVE-2022-23501
composer PHP:TYPO3-CMS-2022-23501 TYPO3-CORE-SA-2022-013: Weak Authentication in Frontend Login medium 2022-12-13T09:19:57
(21 months ago)
Affected >= 11.0.0, < 11.5.20 >= 10.0.0, < 10.4.33 >= 12.0.0, < 12.1.1 CVE-2022-23502
composer PHP:TYPO3-CMS-2022-23502 TYPO3-CORE-SA-2022-014: Insufficient Session Expiration after Password Reset medium 2022-12-13T09:20:08
(21 months ago)
Affected >= 11.0.0, < 11.5.20 >= 10.0.0, < 10.4.33 >= 12.0.0, < 12.1.1 CVE-2022-23503
composer PHP:TYPO3-CMS-2022-23503 TYPO3-CORE-SA-2022-015: Arbitrary Code Execution via Form Framework high 2022-12-13T09:20:17
(21 months ago)
Affected >= 12.0.0, < 12.1.1 >= 11.0.0, < 11.5.20 >= 10.0.0, < 10.4.33 CVE-2022-23504
composer PHP:TYPO3-CMS-2022-23504 TYPO3-CORE-SA-2022-016: Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration medium 2022-12-13T09:21:07
(21 months ago)
Affected >= 10.0.0, < 10.4.29 >= 11.0.0, < 11.5.11 CVE-2022-31046
composer PHP:TYPO3-CMS-2022-31046 TYPO3-CORE-SA-2022-001: Information Disclosure via Export Module medium 2022-06-14T07:11:18
(2 years ago)
Affected >= 10.0.0, < 10.4.29 >= 11.0.0, < 11.5.11 CVE-2022-31047
composer PHP:TYPO3-CMS-2022-31047 TYPO3-CORE-SA-2022-002: Information Disclosure via Exception Handling/Logger medium 2022-06-14T07:11:27
(2 years ago)
Affected >= 10.0.0, < 10.4.29 >= 11.0.0, < 11.5.11 CVE-2022-31048
composer PHP:TYPO3-CMS-2022-31048 TYPO3-CORE-SA-2022-003: Cross-Site Scripting in Form Framework medium 2022-06-14T07:11:36
(2 years ago)
Affected >= 11.0.0, < 11.5.11 >= 10.0.0, < 10.4.29 CVE-2022-31049
composer PHP:TYPO3-CMS-2022-31049 TYPO3-CORE-SA-2022-004: Cross-Site Scripting in Frontend Login Mailer medium 2022-06-14T07:12:40
(2 years ago)
Affected >= 11.0.0, < 11.5.11 >= 10.0.0, < 10.4.29 CVE-2022-31050
composer PHP:TYPO3-CMS-2022-31050 TYPO3-CORE-SA-2022-005: Insufficient Session Expiration in Admin Tool high 2022-06-14T07:12:52
(2 years ago)
Affected >= 10.0.0, < 10.4.32 >= 11.0.0, < 11.5.16 CVE-2022-36020
composer PHP:TYPO3-CMS-2022-36020 TYPO3-CORE-SA-2022-011: By-passing Cross-Site Scripting Protection in HTML Sanitizer medium 2022-09-13T08:07:02
(2 years ago)
Affected >= 11.0.0, < 11.5.16 CVE-2022-36104
composer PHP:TYPO3-CMS-2022-36104 TYPO3-CORE-SA-2022-006: Denial of Service in Page Error Handling high 2022-09-13T08:07:10
(2 years ago)
Affected >= 10.0.0, < 10.4.32 >= 11.0.0, < 11.5.16 CVE-2022-36105
composer PHP:TYPO3-CMS-2022-36105 TYPO3-CORE-SA-2022-007: User Enumeration via Response Timing medium 2022-09-13T08:06:22
(2 years ago)
Affected >= 11.0.0, < 11.5.16 >= 10.0.0, < 10.4.32 CVE-2022-36106
composer PHP:TYPO3-CMS-2022-36106 TYPO3-CORE-SA-2022-008: Missing check for expiration time of password reset token for backend users medium 2022-09-13T08:07:29
(2 years ago)
Affected >= 10.0.0, < 10.4.32 >= 11.0.0, < 11.5.16 CVE-2022-36107
composer PHP:TYPO3-CMS-2022-36107 TYPO3-CORE-SA-2022-009: Stored Cross-Site Scripting via FileDumpController medium 2022-09-13T08:06:41
(2 years ago)
Affected >= 10.0.0, < 10.4.32 >= 11.0.0, < 11.5.16 CVE-2022-36108
composer PHP:TYPO3-CMS-2022-36108 TYPO3-CORE-SA-2022-010: Cross-Site Scripting in <f:asset.css> view helper medium 2022-09-13T08:06:53
(2 years ago)
Affected >= 12.0.0, < 12.2.0 >= 11.0.0, < 11.5.23 >= 10.0.0, < 10.4.35 CVE-2023-24814
composer PHP:TYPO3-CMS-2023-24814 TYPO3-CORE-SA-2023-001: Persisted Cross-Site Scripting in Frontend Rendering medium 2023-02-07T09:25:10
(19 months ago)