pkg:composer/typo3/cms
- Type: composer
- Namespace: typo3
- Name: cms

Known advisories, vulnerabilities and fixes for the cms package.
- Repository: https://packagist.org/packages/typo3/cms

Advisories by severity:
- Critical: 1
- High: 22
- Medium: 36
- Low: 4
- None: 73

Type | Version | Distribution | CVEs | Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | >= 6.2.0, < 6.2.6 | | CVE-2013-4701 | PHP:TYPO3-CMS-2013-4701 | Denial of Service in OpenID System Extension | high | 2014-10-22T09:14:28 (10 years ago) |
Affected | >= 6.2.0, < 6.2.14; >= 7.1.0, < 7.2.0; >= 7.2.0, < 7.3.0; >= 7.3.0, < 7.3.1; >= 7.0.0, < 7.1.0 | | CVE-2013-7341 | PHP:TYPO3-CMS-2013-7341 | Cross-Site Scripting in 3rd party library Flowplayer | medium | 2015-07-01T14:23:00 (9 years ago) |
Affected | >= 6.2.0, < 6.2.3 | | | PHP:TYPO3-CMS-2014-05-22-1 | The ExtJS JavaScript framework that is shipped with TYPO3 is susceptible to XSS | | 2014-05-22T07:34:03 (10 years ago) |
Affected | >= 6.2.0, < 6.2.6 | | | PHP:TYPO3-CMS-2014-10-22-2 | Arbitrary Shell Execution in Swiftmailer library | | 2014-10-22T09:14:25 (10 years ago) |
Affected | >= 7.0.0, < 7.0.2; >= 6.2.0, < 6.2.9 | | | PHP:TYPO3-CMS-2014-12-09-2 | Possible cache poisoning on the homepage when anchors are used | | 2014-12-10T10:08:02 (9 years ago) |
Affected | >= 6.2.0, < 6.2.3 | | CVE-2014-3941 | PHP:TYPO3-CMS-2014-3941 | Possible Host Spoofing through SERVER_NAME | medium | 2014-05-22T09:34:08 (10 years ago) |
Affected | >= 6.2.0, < 6.2.3 | | CVE-2014-3943 | PHP:TYPO3-CMS-2014-3943 | Failing to properly encode user input, several backend components are susceptible to XSS | low | 2014-05-22T09:34:03 (10 years ago) |
Affected | >= 6.2.0, < 6.2.3 | | CVE-2014-3944 | PHP:TYPO3-CMS-2014-3944 | Improper Session Invalidation | medium | 2014-05-22T09:33:36 (10 years ago) |
Affected | >= 6.2.0, < 6.2.3 | | CVE-2014-3946 | PHP:TYPO3-CMS-2014-3946 | Information disclosure in the Extbase framework | medium | 2014-05-22T09:33:36 (10 years ago) |
Affected | >= 6.2.0, < 6.2.9; >= 7.0.0, < 7.0.2 | | CVE-2014-9508 | PHP:TYPO3-CMS-2014-9508 | Possible link spoofing on the homepage when anchors are used | medium | 2014-12-10T10:07:58 (9 years ago) |
Affected | >= 7.1.0, < 7.2.0; >= 6.2.0, < 6.2.14; >= 7.0.0, < 7.1.0; >= 7.2.0, < 7.3.0; >= 7.3.0, < 7.3.1 | | | PHP:TYPO3-CMS-2015-07-01-1 | Access bypass when editing file metadata | | 2015-07-01T14:16:00 (9 years ago) |
Affected | >= 7.2.0, < 7.3.0; >= 7.3.0, < 7.3.1; >= 7.0.0, < 7.1.0; >= 6.2.0, < 6.2.14; >= 7.1.0, < 7.2.0 | | | PHP:TYPO3-CMS-2015-07-01-2 | Frontend login Session Fixation | | 2015-07-01T14:16:00 (9 years ago) |
Affected | >= 6.2.0, < 6.2.14; >= 7.1.0, < 7.2.0; >= 7.3.0, < 7.3.1; >= 7.2.0, < 7.3.0; >= 7.0.0, < 7.1.0 | | | PHP:TYPO3-CMS-2015-07-01-3 | Cross-Site Scripting exploitable by Editors | | 2015-07-01T14:20:00 (9 years ago) |
Affected | >= 7.0.0, < 7.1.0; >= 7.3.0, < 7.3.1; >= 7.2.0, < 7.3.0; >= 7.1.0, < 7.2.0; >= 6.2.0, < 6.2.14 | | | PHP:TYPO3-CMS-2015-07-01-4 | Information Disclosure possibility exploitable by Editors | | 2015-07-01T14:16:00 (9 years ago) |
Affected | >= 7.0.0, < 7.1.0; >= 7.2.0, < 7.3.0; >= 7.3.0, < 7.3.1; >= 7.1.0, < 7.2.0; >= 6.2.0, < 6.2.14 | | | PHP:TYPO3-CMS-2015-07-01-5 | Brute Force Protection Bypass in backend login | | 2015-07-01T14:16:00 (9 years ago) |
Affected | >= 7.3.0, < 7.4.0; >= 7.2.0, < 7.3.0; >= 7.0.0, < 7.1.0; >= 6.2.0, < 6.2.15; >= 7.1.0, < 7.2.0 | | | PHP:TYPO3-CMS-2015-09-08-1 | Frontend: Unauthenticated Path Disclosure | | 2015-09-08T10:57:00 (9 years ago) |
Affected | >= 7.6.0, < 7.6.1; >= 7.5.0, < 7.6.0; >= 6.2.0, < 6.2.16; >= 7.1.0, < 7.2.0; >= 7.4.0, < 7.5.0; >= 7.2.0, < 7.3.0; >= 7.3.0, < 7.4.0; >= 7.0.0, < 7.1.0 | | | PHP:TYPO3-CMS-2015-12-15-1 | Multiple Cross-Site Scripting vulnerabilities in TYPO3 backend | | 2015-12-15T11:38:00 (8 years ago) |
Affected | >= 7.1.0, < 7.2.0; >= 6.2.0, < 6.2.16; >= 7.5.0, < 7.6.0; >= 7.0.0, < 7.1.0; >= 7.3.0, < 7.4.0; >= 7.4.0, < 7.5.0; >= 7.2.0, < 7.3.0; >= 7.6.0, < 7.6.1 | | | PHP:TYPO3-CMS-2015-12-15-2 | Cross-Site Scripting vulnerability in typolinks | | 2015-12-15T11:38:00 (8 years ago) |
Affected | >= 7.4.0, < 7.5.0; >= 7.2.0, < 7.3.0; >= 7.3.0, < 7.4.0; >= 7.0.0, < 7.1.0; >= 6.2.0, < 6.2.16; >= 7.5.0, < 7.6.0; >= 7.1.0, < 7.2.0; >= 7.6.0, < 7.6.1 | | | PHP:TYPO3-CMS-2015-12-15-3 | Multiple Cross-Site Scripting vulnerabilities in frontend | | 2015-12-15T11:38:00 (8 years ago) |
Affected | >= 6.2.0, < 6.2.16 | | | PHP:TYPO3-CMS-2015-12-15-4 | TYPO3 is susceptible to Cross-Site Flashing | | 2015-12-15T11:38:00 (8 years ago) |
Affected | >= 6.2.0, < 6.2.16 | | | PHP:TYPO3-CMS-2015-12-15-5 | Cross-Site Scripting in TYPO3 component Indexed Search | | 2015-12-15T11:38:00 (8 years ago) |
Affected | >= 6.2.0, < 6.2.15; >= 7.1.0, < 7.2.0; >= 7.2.0, < 7.3.0; >= 7.3.0, < 7.4.0; >= 7.0.0, < 7.1.0 | | CVE-2015-5956 | PHP:TYPO3-CMS-2015-5956 | Backend: Non-Persistent Cross-Site Scripting | low | 2015-09-08T10:59:00 (9 years ago) |
Affected | >= 6.2.0, < 6.2.18 | | | PHP:TYPO3-CMS-2016-02-16-1 | SQL Injection in dbal | | 2016-02-16T12:32:00 (8 years ago) |
Affected | >= 7.6.0, < 7.6.3; >= 6.2.0, < 6.2.18 | | | PHP:TYPO3-CMS-2016-02-16-2 | Cross-Site Scripting in link validator component | | 2016-02-16T12:32:00 (8 years ago) |
Affected | >= 6.2.0, < 6.2.18 | | | PHP:TYPO3-CMS-2016-02-16-3 | Cross-Site Scripting in legacy form component | | 2016-02-16T12:32:00 (8 years ago) |
Affected | >= 6.2.0, < 6.2.18 | | | PHP:TYPO3-CMS-2016-02-16-4 | Cross-Site Scripting in form component | | 2016-02-16T12:32:00 (8 years ago) |
Affected | >= 6.2.0, < 6.2.19; >= 7.6.0, < 7.6.4 | | | PHP:TYPO3-CMS-2016-02-23-1 | XML External Entity (XXE) Processing in TYPO3 Core | | 2016-02-23T12:28:00 (8 years ago) |
Affected | >= 6.2.0, < 6.2.19 | | | PHP:TYPO3-CMS-2016-02-23-2 | Cross-Site Scripting in TYPO3 component Backend | | 2016-02-23T12:28:00 (8 years ago) |
Affected | >= 6.2.0, < 6.2.19; >= 7.6.0, < 7.6.4 | | | PHP:TYPO3-CMS-2016-02-23-3 | Cross-Site Scripting in TYPO3 component CSS styled content | | 2016-02-23T12:28:00 (8 years ago) |
Affected | >= 6.2.0, < 6.2.19; >= 7.6.0, < 7.6.4 | | | PHP:TYPO3-CMS-2016-02-23-4 | Denial of Service attack possibility in TYPO3 component Indexed Search | | 2016-02-23T12:28:00 (8 years ago) |
Affected | >= 7.6.0, < 7.6.5; >= 8.0.0, < 8.0.1; >= 6.2.0, < 6.2.20 | | | PHP:TYPO3-CMS-2016-04-12-1 | Cross-Site Scripting in TYPO3 Backend | | 2016-04-12T12:07:00 (8 years ago) |
Affected | >= 6.2.0, < 6.2.20 | | | PHP:TYPO3-CMS-2016-04-12-2 | Arbitrary File Disclosure in Form Component | | 2016-04-12T12:07:00 (8 years ago) |
Affected | >= 6.2.0, < 6.2.20; >= 7.6.0, < 7.6.5; >= 8.0.0, < 8.0.1 | | | PHP:TYPO3-CMS-2016-04-12-3 | Authentication Bypass in TYPO3 CMS | | 2016-04-12T12:07:00 (8 years ago) |
Affected | >= 7.6.0, < 7.6.5; >= 8.0.0, < 8.0.1; >= 6.2.0, < 6.2.20 | | | PHP:TYPO3-CMS-2016-04-12-4 | Privilege Escalation in TYPO3 CMS | | 2016-04-12T12:07:00 (8 years ago) |
Affected | >= 6.2.0, < 6.2.25; >= 8.1.0, < 8.1.1; >= 8.0.0, < 8.1.1; >= 7.6.0, < 7.6.8 | | | PHP:TYPO3-CMS-2016-05-24-1 | Missing Access Check in TYPO3 CMS | | 2016-05-24T10:39:00 (8 years ago) |
Affected | >= 8.2.0, < 8.2.1; >= 6.2.0, < 6.2.26; >= 8.1.0, < 8.2.0; >= 8.0.0, < 8.1.0; >= 7.6.0, < 7.6.10 | | | PHP:TYPO3-CMS-2016-07-19-1 | Cross-Site Scripting in TYPO3 Backend | | 2016-07-19T13:03:00 (8 years ago) |
Affected | >= 8.0.0, < 8.1.0; >= 7.6.0, < 7.6.10; >= 8.2.0, < 8.2.1; >= 6.2.0, < 6.2.26; >= 8.1.0, < 8.2.0 | | | PHP:TYPO3-CMS-2016-07-19-2 | Insecure Unserialize in TYPO3 Import/Export | | 2016-07-19T13:03:00 (8 years ago) |
Affected | >= 6.2.0, < 6.2.26; >= 7.6.0, < 7.6.10 | | | PHP:TYPO3-CMS-2016-07-19-3 | SQL Injection in TYPO3 Frontend Login | | 2016-07-19T13:03:00 (8 years ago) |
Affected | >= 6.2.0, < 6.2.26; >= 8.1.0, < 8.2.0; >= 8.2.0, < 8.2.1; >= 8.0.0, < 8.1.0; >= 7.6.0, < 7.6.10 | | | PHP:TYPO3-CMS-2016-07-19-4 | Information Disclosure in TYPO3 Backend | | 2016-07-19T13:03:00 (8 years ago) |
Affected | >= 8.0.0, < 8.1.0; >= 7.6.0, < 7.6.10; >= 8.2.0, < 8.2.1; >= 8.1.0, < 8.2.0; >= 6.2.0, < 6.2.26 | | | PHP:TYPO3-CMS-2016-07-19-5 | Cross-Site Scripting vulnerability in typolinks | | 2016-07-19T13:03:00 (8 years ago) |
Affected | >= 7.6.0, < 7.6.10; >= 8.0.0, < 8.1.0; >= 8.2.0, < 8.2.1; >= 8.1.0, < 8.2.0 | | | PHP:TYPO3-CMS-2016-07-19-7 | Cross-Site Scripting in third party library mso/idna-convert | | 2016-07-19T13:03:00 (8 years ago) |
Affected | >= 8.1.0, < 8.2.0; >= 6.2.0, < 6.2.27; >= 8.2.0, < 8.3.0; >= 8.3.0, < 8.3.1; >= 7.6.0, < 7.6.11; >= 8.0.0, < 8.1.0 | | | PHP:TYPO3-CMS-2016-09-14-1 | Cross-Site Scripting in TYPO3 Backend | | 2016-07-13T12:17:00 (8 years ago) |
Affected | >= 8.3.0, < 8.3.1; >= 6.2.0, < 6.2.27; >= 8.1.0, < 8.2.0; >= 8.2.0, < 8.3.0; >= 8.0.0, < 8.1.0; >= 7.6.0, < 7.6.11 | | | PHP:TYPO3-CMS-2016-09-14-2 | Cache Flooding in TYPO3 Frontend | | 2016-07-13T12:17:00 (8 years ago) |
Affected | >= 7.6.0, < 7.6.13; >= 8.0.0, < 8.1.0; >= 8.2.0, < 8.3.0; >= 8.1.0, < 8.2.0; >= 6.2.0, < 6.2.29; >= 8.3.0, < 8.4.0; >= 8.4.0, < 8.4.1 | | | PHP:TYPO3-CMS-2016-11-22-1 | Insecure Unserialize in TYPO3 Backend | | 2016-11-22T10:09:00 (7 years ago) |
Affected | >= 8.0.0, < 8.1.0; >= 7.6.0, < 7.6.13; >= 8.3.0, < 8.4.0; >= 8.4.0, < 8.4.1; >= 8.2.0, < 8.3.0; >= 6.2.0, < 6.2.29; >= 8.1.0, < 8.2.0 | | | PHP:TYPO3-CMS-2016-11-22-2 | Path Traversal in TYPO3 Core | | 2016-11-22T10:09:00 (7 years ago) |
Affected | >= 8.0.0, < 8.1.0; >= 8.2.0, < 8.2.1; >= 8.1.0, < 8.2.0 | | CVE-2016-5385 | PHP:TYPO3-CMS-2016-5385 | Environment Variable Injection | high | 2016-07-19T13:03:00 (8 years ago) |
Affected | >= 7.6.0, < 7.6.15; >= 8.0.0, < 8.1.0; >= 8.3.0, < 8.4.0; >= 8.2.0, < 8.3.0; >= 8.5.0, < 8.5.1; >= 8.4.0, < 8.5.0; >= 8.1.0, < 8.2.0; >= 6.2.0, < 6.2.30 | | | PHP:TYPO3-CMS-2017-01-03-1 | Remote Code Execution in third party library swiftmailer | | 2017-01-03T13:29:00 (7 years ago) |
Affected | >= 8.6.0, < 8.6.1; >= 8.4.0, < 8.5.0; >= 8.3.0, < 8.4.0; >= 8.5.0, < 8.6.0; >= 8.2.0, < 8.3.0 | | | PHP:TYPO3-CMS-2017-02-28-1 | Authentication Bypass in TYPO3 Frontend | | 2017-02-28T10:23:00 (7 years ago) |
Affected | >= 8.1.0, < 8.2.0; >= 8.4.0, < 8.5.0; >= 8.5.0, < 8.6.0; >= 8.2.0, < 8.3.0; >= 8.6.0, < 8.6.1; >= 8.3.0, < 8.4.0; >= 7.6.0, < 7.6.16; >= 8.0.0, < 8.1.0 | | | PHP:TYPO3-CMS-2017-02-28-2 | Cross-Site Scripting in TYPO3 CMS | | 2017-02-28T10:23:00 (7 years ago) |
Affected | >= 8.5.0, < 8.6.0; >= 8.4.0, < 8.5.0; >= 8.1.0, < 8.2.0; >= 8.3.0, < 8.4.0; >= 8.6.0, < 8.7.0; >= 8.2.0, < 8.3.0; >= 8.7.0, < 8.7.5; >= 8.0.0, < 8.1.0 | | | PHP:TYPO3-CMS-2017-09-05-1 | Cross-Site Scripting in TYPO3 CMS Backend | | 2017-09-05T11:37:00 (7 years ago) |
Affected | >= 8.5.0, < 8.6.0; >= 8.4.0, < 8.5.0; >= 8.1.0, < 8.2.0; >= 8.0.0, < 8.1.0; >= 7.6.0, < 7.6.22; >= 8.3.0, < 8.4.0; >= 8.6.0, < 8.7.0; >= 8.2.0, < 8.3.0; >= 8.7.0, < 8.7.5 | | | PHP:TYPO3-CMS-2017-09-05-2 | Information Disclosure in TYPO3 CMS | | 2017-09-05T11:37:00 (7 years ago) |
Affected | >= 8.7.0, < 8.7.5; >= 8.2.0, < 8.3.0; >= 8.3.0, < 8.4.0; >= 8.6.0, < 8.7.0; >= 8.0.0, < 8.1.0; >= 7.6.0, < 7.6.22; >= 8.1.0, < 8.2.0; >= 8.5.0, < 8.6.0; >= 8.4.0, < 8.5.0 | | | PHP:TYPO3-CMS-2017-09-05-3 | Information Disclosure in TYPO3 CMS | | 2017-09-05T11:37:00 (7 years ago) |
Affected | >= 8.3.0, < 8.4.0; >= 8.6.0, < 8.7.0; >= 8.7.0, < 8.7.5; >= 8.2.0, < 8.3.0; >= 7.6.0, < 7.6.22; >= 8.0.0, < 8.1.0; >= 8.5.0, < 8.6.0; >= 8.4.0, < 8.5.0; >= 8.1.0, < 8.2.0 | | | PHP:TYPO3-CMS-2017-09-05-4 | Arbitrary Code Execution in TYPO3 CMS | | 2017-09-05T11:37:00 (7 years ago) |
Affected | >= 7.0.0, < 7.6.30; >= 9.0.0, < 9.3.2; >= 8.0.0, < 8.7.17 | | | PHP:TYPO3-CMS-2018-07-12-1 | Authentication Bypass in TYPO3 CMS | | 2018-07-12T09:34:56 (6 years ago) |
Affected | >= 8.0.0, < 8.7.17; >= 7.0.0, < 7.6.30; >= 9.0.0, < 9.3.2 | | | PHP:TYPO3-CMS-2018-07-12-2 | Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS | | 2018-07-12T09:34:56 (6 years ago) |
Affected | >= 9.0.0, < 9.3.2; >= 8.5.0, < 8.7.17 | | | PHP:TYPO3-CMS-2018-07-12-3 | Privilege Escalation & SQL Injection in TYPO3 CMS | | 2018-07-12T09:34:56 (6 years ago) |
Affected | >= 9.0.0, < 9.3.2; >= 8.5.0, < 8.7.17 | | | PHP:TYPO3-CMS-2018-07-12-4 | Insecure Deserialization in TYPO3 CMS | | 2018-07-12T09:34:56 (6 years ago) |
Affected | >= 8.0.0, < 8.7.21; >= 9.0.0, < 9.5.2; >= 7.0.0, < 7.6.32 | | | PHP:TYPO3-CMS-2018-12-11-1 | Cross-Site Scripting in Online Media Asset Rendering | | 2018-12-11T09:56:06 (5 years ago) |
Affected | >= 7.0.0, < 7.6.32; >= 9.0.0, < 9.5.2; >= 8.0.0, < 8.7.21 | | | PHP:TYPO3-CMS-2018-12-11-2 | Cross-Site Scripting in Backend Modal Component | | 2018-12-11T09:55:12 (5 years ago) |
Affected | >= 8.0.0, < 8.7.21; >= 9.0.0, < 9.5.2; >= 7.0.0, < 7.6.32 | | | PHP:TYPO3-CMS-2018-12-11-3 | Cross-Site Scripting in Frontend User Login | | 2018-12-11T09:56:19 (5 years ago) |
Affected | >= 9.0.0, < 9.5.2; >= 7.0.0, < 7.6.32; >= 8.0.0, < 8.7.21 | | | PHP:TYPO3-CMS-2018-12-11-4 | Security Misconfiguration in Install Tool Cookie | | 2018-12-11T09:57:20 (5 years ago) |
Affected | >= 8.0.0, < 8.7.21; >= 9.0.0, < 9.5.2; >= 7.0.0, < 7.6.32 | | | PHP:TYPO3-CMS-2018-12-11-5 | Information Disclosure in Install Tool | | 2018-12-11T09:56:32 (5 years ago) |
Affected | >= 8.0.0, < 8.7.21; >= 7.0.0, < 7.6.32; >= 9.0.0, < 9.5.2 | | | PHP:TYPO3-CMS-2018-12-11-6 | Denial of Service in Online Media Asset Handling | | 2018-12-11T09:56:38 (5 years ago) |
Affected | >= 8.0.0, < 8.7.21; >= 7.0.0, < 7.6.32 | | | PHP:TYPO3-CMS-2018-12-11-7 | Denial of Service in Frontend Record Registration | | 2018-12-11T09:56:45 (5 years ago) |
Affected | >= 8.0.0, < 8.7.23; >= 9.0.0, < 9.5.4 | | CVE-2018-14041 | PHP:TYPO3-CMS-2018-14041 | Cross-Site Scripting in Bootstrap CSS toolkit | medium | 2019-01-22T08:41:33 (5 years ago) |
Affected | >= 9.0.0, < 9.5.2; >= 8.0.0, < 8.7.21 | | CVE-2018-17960 | PHP:TYPO3-CMS-2018-17960 | Cross-Site Scripting in CKEditor | medium | 2018-12-11T09:56:53 (5 years ago) |
Affected | >= 8.0.0, < 8.7.23; >= 9.0.0, < 9.5.4 | | | PHP:TYPO3-CMS-2019-01-22-1 | Information Disclosure of Installed Extensions | | 2019-01-22T08:41:04 (5 years ago) |
Affected | >= 8.0.0, < 8.7.23; >= 9.0.0, < 9.5.4 | | | PHP:TYPO3-CMS-2019-01-22-2 | Security Misconfiguration for Backend User Accounts | | 2019-01-22T08:41:12 (5 years ago) |
Affected | >= 8.0.0, < 8.7.23 | | | PHP:TYPO3-CMS-2019-01-22-3 | Broken Access Control in Localization Handling | | 2019-01-22T08:41:19 (5 years ago) |
Affected | >= 9.0.0, < 9.5.4; >= 8.0.0, < 8.7.23 | | | PHP:TYPO3-CMS-2019-01-22-4 | Cross-Site Scripting in Fluid ViewHelpers | | 2019-01-22T08:42:16 (5 years ago) |
Affected | >= 9.0.0, < 9.5.4; >= 8.0.0, < 8.7.23 | | | PHP:TYPO3-CMS-2019-01-22-6 | Cross-Site Scripting in Form Framework | | 2019-01-22T08:42:34 (5 years ago) |
Affected | >= 8.0.0, < 8.7.23; >= 9.0.0, < 9.5.4 | | | PHP:TYPO3-CMS-2019-01-22-7 | Arbitrary Code Execution via File List Module | | 2019-01-22T08:41:47 (5 years ago) |
Affected | >= 9.0.0, < 9.5.4 | | | PHP:TYPO3-CMS-2019-01-22-8 | Cross-Site Scripting in Language Pack Handling | | 2019-01-22T08:42:09 (5 years ago) |
Affected | >= 9.0.0, < 9.5.6; >= 8.0.0, < 8.7.25 | | | PHP:TYPO3-CMS-2019-05-07-2 | Security Misconfiguration in User Session Handling | | 2019-05-07T09:43:18 (5 years ago) |
Affected | >= 9.0.0, < 9.5.6 | | | PHP:TYPO3-CMS-2019-05-07-4 | Information Disclosure in Page Tree | | 2019-05-07T09:42:43 (5 years ago) |
Affected | >= 9.0.0, < 9.5.6 | | | PHP:TYPO3-CMS-2019-05-07-5 | Information Disclosure in User Authentication | | 2019-05-07T09:43:01 (5 years ago) |
Affected | >= 8.0.0, < 8.7.27; >= 9.0.0, < 9.5.8 | | | PHP:TYPO3-CMS-2019-06-25-1 | Information Disclosure in Backend User Interface | | 2019-06-25T06:38:40 (5 years ago) |
Affected | >= 9.0.0, < 9.5.8; >= 8.0.0, < 8.7.27 | | | PHP:TYPO3-CMS-2019-06-25-3 | Security Misconfiguration in Frontend Session Handling | | 2019-06-25T06:40:30 (5 years ago) |
Affected | >= 8.0.0, < 8.7.27; >= 9.0.0, < 9.5.8 | | | PHP:TYPO3-CMS-2019-06-25-4 | Arbitrary Code Execution and Cross-Site Scripting in Backend API | | 2019-06-25T06:39:18 (5 years ago) |
Affected | >= 9.0.0, < 9.5.8 | | | PHP:TYPO3-CMS-2019-06-25-7 | Broken Access Control in Import Module | | 2019-06-25T06:40:18 (5 years ago) |
Affected | >= 9.0.0, < 9.5.8 | | CVE-2019-10912 | PHP:TYPO3-CMS-2019-10912 | Possible deserialization side-effects in symfony/cache | high | 2019-06-25T06:40:06 (5 years ago) |
Affected | >= 8.0.0, < 8.7.25; >= 9.0.0, < 9.5.6 | | CVE-2019-11832 | PHP:TYPO3-CMS-2019-11832 | Possible Arbitrary Code Execution in Image Processing | high | 2019-05-07T09:42:26 (5 years ago) |
Affected | >= 9.0.0, < 9.5.12; >= 10.0.0, < 10.2.1; >= 8.0.0, < 8.7.30 | | | PHP:TYPO3-CMS-2019-12-17-1 | Cross-Site Scripting in Form Framework validation handling | | 2019-12-17T09:51:24 (4 years ago) |
Affected | >= 9.0.0, < 9.5.12; >= 10.0.0, < 10.2.1; >= 8.0.0, < 8.7.30 | | | PHP:TYPO3-CMS-2019-12-17-2 | Cross-Site Scripting in Link Handling | | 2019-12-17T09:51:32 (4 years ago) |
Affected | >= 8.0.0, < 8.7.30; >= 10.0.0, < 10.2.1; >= 9.0.0, < 9.5.12 | | | PHP:TYPO3-CMS-2019-12-17-3 | Cross-Site Scripting in Filelist Module | | 2019-12-17T09:50:39 (4 years ago) |
Affected | >= 9.0.0, < 9.5.12; >= 8.0.0, < 8.7.30 | | | PHP:TYPO3-CMS-2019-12-17-7 | Possible Insecure Deserialization in Extbase Request Handling | | 2019-12-17T09:51:18 (4 years ago) |
Affected | >= 8.0.0, < 8.7.27; >= 9.0.0, < 9.5.8 | | CVE-2019-12747 | PHP:TYPO3-CMS-2019-12747 | Insecure Deserialization in TYPO3 CMS | high | 2019-06-25T06:39:30 (5 years ago) |
Affected | >= 8.0.0, < 8.7.27; >= 9.0.0, < 9.5.8 | | CVE-2019-12748 | PHP:TYPO3-CMS-2019-12748 | Cross-Site Scripting in Link Handling | medium | 2019-06-25T06:38:52 (5 years ago) |
Affected | >= 9.0.0, < 9.5.12; >= 8.0.0, < 8.7.30; >= 10.0.0, < 10.2.1 | | CVE-2019-19848 | PHP:TYPO3-CMS-2019-19848 | Directory Traversal on ZIP extraction | high | 2019-12-17T09:51:45 (4 years ago) |
Affected | >= 8.0.0, < 8.7.30; >= 10.0.0, < 10.2.1; >= 9.0.0, < 9.5.12 | | CVE-2019-19849 | PHP:TYPO3-CMS-2019-19849 | Insecure Deserialization in Query Generator & Query View | high | 2019-12-17T09:51:12 (4 years ago) |
Affected | >= 10.0.0, < 10.2.1; >= 8.0.0, < 8.7.30; >= 9.0.0, < 9.5.12 | | CVE-2019-19850 | PHP:TYPO3-CMS-2019-19850 | SQL Injection in low-level Query Generator | high | 2019-12-17T09:52:30 (4 years ago) |
Affected | >= 10.0.0, < 10.4.2 | | CVE-2020-11063 | PHP:TYPO3-CMS-2020-11063 | TYPO3-CORE-SA-2020-001: Information Disclosure in Password Reset | low | 2020-05-12T09:21:43 (4 years ago) |
Affected | >= 9.0.0, < 9.5.17; >= 10.0.0, < 10.4.2 | | CVE-2020-11064 | PHP:TYPO3-CMS-2020-11064 | TYPO3-CORE-SA-2020-002: Cross-Site Scripting in Form Engine | medium | 2020-05-12T09:21:07 (4 years ago) |
Affected | >= 10.0.0, < 10.4.2; >= 9.0.0, < 9.5.17 | | CVE-2020-11065 | PHP:TYPO3-CMS-2020-11065 | TYPO3-CORE-SA-2020-003: Cross-Site Scripting in Link Handling | medium | 2020-05-12T09:21:59 (4 years ago) |
Affected | >= 10.0.0, < 10.4.2; >= 9.0.0, < 9.5.17 | | CVE-2020-11066 | PHP:TYPO3-CMS-2020-11066 | TYPO3-CORE-SA-2020-004: Class destructors causing side-effects when being unserialized | critical | 2020-05-12T09:22:06 (4 years ago) |
Affected | >= 10.0.0, < 10.4.2; >= 9.0.0, < 9.5.17 | | CVE-2020-11067 | PHP:TYPO3-CMS-2020-11067 | TYPO3-CORE-SA-2020-005: Insecure Deserialization in Backend User Settings | high | 2020-05-12T09:22:12 (4 years ago) |
Affected | >= 10.0.0, < 10.4.2; >= 9.0.0, < 9.5.17 | | CVE-2020-11069 | PHP:TYPO3-CMS-2020-11069 | TYPO3-CORE-SA-2020-006: Same-Site Request Forgery to Backend User Interface | high | 2020-05-12T09:22:19 (4 years ago) |
Affected | >= 10.0.0, < 10.4.6; >= 9.0.0, < 9.5.20 | | CVE-2020-15098 | PHP:TYPO3-CMS-2020-15098 | TYPO3-CORE-SA-2020-008: Sensitive Information Disclosure | high | 2020-07-28T08:19:06 (4 years ago) |
Affected | >= 9.0.0, < 9.5.20; >= 10.0.0, < 10.4.6 | | CVE-2020-15099 | PHP:TYPO3-CMS-2020-15099 | TYPO3-CORE-SA-2020-007: Potential Privilege Escalation | high | 2020-07-28T08:18:30 (4 years ago) |
Affected | >= 9.0.0, < 9.5.6; >= 8.0.0, < 8.7.25 | | CVE-2020-15241 | PHP:TYPO3-CMS-2020-15241 | Cross-Site Scripting in Fluid Engine | medium | 2019-05-07T09:33:52 (5 years ago) |
Affected | >= 8.7.0, < 8.7.38; >= 10.0.0, < 10.4.10; >= 9.0.0, < 9.5.23 | | CVE-2020-26227 | PHP:TYPO3-CMS-2020-26227 | TYPO3-CORE-SA-2020-010: Cross-Site Scripting in Fluid view helpers | medium | 2020-11-17T08:55:33 (3 years ago) |
Affected | >= 10.0.0, < 10.4.10; >= 8.7.0, < 8.7.38; >= 9.0.0, < 9.5.23 | | CVE-2020-26228 | PHP:TYPO3-CMS-2020-26228 | TYPO3-CORE-SA-2020-011: Cleartext storage of session identifier | high | 2020-11-17T08:51:11 (3 years ago) |
Affected | >= 10.0.0, < 10.4.10 | | CVE-2020-26229 | PHP:TYPO3-CMS-2020-26229 | TYPO3-CORE-SA-2020-012: XML External Entity in Dashboard Widget | low | 2020-11-17T08:51:21 (3 years ago) |
Affected | >= 9.0.0, < 9.5.25; >= 10.0.0, < 10.4.14; >= 11.0.0, < 11.1.1 | | CVE-2021-21338 | PHP:TYPO3-CMS-2021-21338 | TYPO3-CORE-SA-2021-001: Open Redirection in Login Handling | medium | 2021-03-16T08:57:07 (3 years ago) |
Affected | >= 11.0.0, < 11.1.1; >= 10.0.0, < 10.4.14; >= 9.0.0, < 9.5.25 | | CVE-2021-21339 | PHP:TYPO3-CMS-2021-21339 | TYPO3-CORE-SA-2021-006: Cleartext storage of session identifier | high | 2021-03-16T09:03:23 (3 years ago) |
Affected | >= 11.0.0, < 11.1.1; >= 10.0.0, < 10.4.14 | | CVE-2021-21340 | PHP:TYPO3-CMS-2021-21340 | TYPO3-CORE-SA-2021-007: Cross-Site Scripting in Content Preview | medium | 2021-03-16T09:03:36 (3 years ago) |
Affected | >= 9.0.0, < 9.5.25; >= 11.0.0, < 11.1.1; >= 10.0.0, < 10.4.14 | | CVE-2021-21355 | PHP:TYPO3-CMS-2021-21355 | TYPO3-CORE-SA-2021-002: Unrestricted File Upload in Form Framework | high | 2021-03-16T08:57:27 (3 years ago) |
Affected | >= 10.0.0, < 10.4.14; >= 11.0.0, < 11.1.1; >= 9.0.0, < 9.5.25 | | CVE-2021-21357 | PHP:TYPO3-CMS-2021-21357 | TYPO3-CORE-SA-2021-003: Broken Access Control in Form Framework | high | 2021-03-16T08:59:40 (3 years ago) |
Affected | >= 11.0.0, < 11.1.1; >= 10.0.0, < 10.4.14 | | CVE-2021-21358 | PHP:TYPO3-CMS-2021-21358 | TYPO3-CORE-SA-2021-004: Cross-Site Scripting in Form Framework | medium | 2021-03-16T09:02:46 (3 years ago) |
Affected | >= 9.0.0, < 9.5.25; >= 10.0.0, < 10.4.14; >= 11.0.0, < 11.1.1 | | CVE-2021-21359 | PHP:TYPO3-CMS-2021-21359 | TYPO3-CORE-SA-2021-005: Denial of Service in Page Error Handling | high | 2021-03-16T08:58:04 (3 years ago) |
Affected | >= 9.0.0, < 9.5.25; >= 11.0.0, < 11.1.1; >= 10.0.0, < 10.4.14 | | CVE-2021-21370 | PHP:TYPO3-CMS-2021-21370 | TYPO3-CORE-SA-2021-008: Cross-Site Scripting in Content Preview | medium | 2021-03-16T08:58:42 (3 years ago) |
Affected | >= 9.0.0, < 9.5.28; >= 11.0.0, < 11.3.1; >= 10.0.0, < 10.4.18 | | CVE-2021-32667 | PHP:TYPO3-CMS-2021-32667 | TYPO3-CORE-SA-2021-009: Cross-Site Scripting in Page Preview | medium | 2021-07-20T09:14:15 (3 years ago) |
Affected | >= 9.0.0, < 9.5.28; >= 10.0.0, < 10.4.18; >= 11.0.0, < 11.3.1 | | CVE-2021-32668 | PHP:TYPO3-CMS-2021-32668 | TYPO3-CORE-SA-2021-010: Cross-Site Scripting in Query Generator & Query View | medium | 2021-07-20T09:14:31 (3 years ago) |
Affected | >= 9.0.0, < 9.5.28; >= 11.0.0, < 11.3.1; >= 10.0.0, < 10.4.18 | | CVE-2021-32669 | PHP:TYPO3-CMS-2021-32669 | TYPO3-CORE-SA-2021-011: Cross-Site Scripting in Backend Grid View | medium | 2021-07-20T09:14:46 (3 years ago) |
Affected | >= 11.0.0, < 11.3.1; >= 10.0.0, < 10.4.18; >= 9.0.0, < 9.5.28 | | CVE-2021-32767 | PHP:TYPO3-CMS-2021-32767 | TYPO3-CORE-SA-2021-012: Information Disclosure in User Authentication | medium | 2021-07-20T09:18:25 (3 years ago) |
Affected | >= 10.0.0, < 10.4.19; >= 11.0.0, < 11.3.2; >= 9.0.0, < 9.5.29 | | CVE-2021-32768 | PHP:TYPO3-CMS-2021-32768 | TYPO3-CORE-SA-2021-013: Cross-Site Scripting via Rich-Text Content | medium | 2021-08-10T07:50:53 (3 years ago) |
Affected | >= 11.2.0, < 11.5.0 | | CVE-2021-41113 | PHP:TYPO3-CMS-2021-41113 | TYPO3-CORE-SA-2021-014: Cross-Site-Request-Forgery in Backend URI Handling | high | 2021-10-05T11:02:10 (2 years ago) |
Affected | >= 11.0.0, < 11.5.0 | | CVE-2021-41114 | PHP:TYPO3-CMS-2021-41114 | TYPO3-CORE-SA-2021-015: HTTP Host Header Injection in Request Handling | medium | 2021-10-05T11:02:47 (2 years ago) |
Affected | >= 10.0.0, < 10.4.33; >= 11.0.0, < 11.5.20; >= 12.0.0, < 12.1.1 | | CVE-2022-23499 | PHP:TYPO3-CMS-2022-23499 | TYPO3-CORE-SA-2022-017: By-passing Cross-Site Scripting Protection in HTML Sanitizer | medium | 2022-12-13T09:19:37 (21 months ago) |
Affected | >= 10.0.0, < 10.4.33; >= 11.0.0, < 11.5.20 | | CVE-2022-23500 | PHP:TYPO3-CMS-2022-23500 | TYPO3-CORE-SA-2022-012: Denial of Service in Page Error Handling | high | 2022-12-13T09:18:48 (21 months ago) |
Affected | >= 11.0.0, < 11.5.20; >= 10.0.0, < 10.4.33; >= 12.0.0, < 12.1.1 | | CVE-2022-23501 | PHP:TYPO3-CMS-2022-23501 | TYPO3-CORE-SA-2022-013: Weak Authentication in Frontend Login | medium | 2022-12-13T09:19:57 (21 months ago) |
Affected | >= 11.0.0, < 11.5.20; >= 10.0.0, < 10.4.33; >= 12.0.0, < 12.1.1 | | CVE-2022-23502 | PHP:TYPO3-CMS-2022-23502 | TYPO3-CORE-SA-2022-014: Insufficient Session Expiration after Password Reset | medium | 2022-12-13T09:20:08 (21 months ago) |
Affected | >= 11.0.0, < 11.5.20; >= 10.0.0, < 10.4.33; >= 12.0.0, < 12.1.1 | | CVE-2022-23503 | PHP:TYPO3-CMS-2022-23503 | TYPO3-CORE-SA-2022-015: Arbitrary Code Execution via Form Framework | high | 2022-12-13T09:20:17 (21 months ago) |
Affected | >= 12.0.0, < 12.1.1; >= 11.0.0, < 11.5.20; >= 10.0.0, < 10.4.33 | | CVE-2022-23504 | PHP:TYPO3-CMS-2022-23504 | TYPO3-CORE-SA-2022-016: Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration | medium | 2022-12-13T09:21:07 (21 months ago) |
Affected | >= 10.0.0, < 10.4.29; >= 11.0.0, < 11.5.11 | | CVE-2022-31046 | PHP:TYPO3-CMS-2022-31046 | TYPO3-CORE-SA-2022-001: Information Disclosure via Export Module | medium | 2022-06-14T07:11:18 (2 years ago) |
Affected | >= 10.0.0, < 10.4.29; >= 11.0.0, < 11.5.11 | | CVE-2022-31047 | PHP:TYPO3-CMS-2022-31047 | TYPO3-CORE-SA-2022-002: Information Disclosure via Exception Handling/Logger | medium | 2022-06-14T07:11:27 (2 years ago) |
Affected | >= 10.0.0, < 10.4.29; >= 11.0.0, < 11.5.11 | | CVE-2022-31048 | PHP:TYPO3-CMS-2022-31048 | TYPO3-CORE-SA-2022-003: Cross-Site Scripting in Form Framework | medium | 2022-06-14T07:11:36 (2 years ago) |
Affected | >= 11.0.0, < 11.5.11; >= 10.0.0, < 10.4.29 | | CVE-2022-31049 | PHP:TYPO3-CMS-2022-31049 | TYPO3-CORE-SA-2022-004: Cross-Site Scripting in Frontend Login Mailer | medium | 2022-06-14T07:12:40 (2 years ago) |
Affected | >= 11.0.0, < 11.5.11; >= 10.0.0, < 10.4.29 | | CVE-2022-31050 | PHP:TYPO3-CMS-2022-31050 | TYPO3-CORE-SA-2022-005: Insufficient Session Expiration in Admin Tool | high | 2022-06-14T07:12:52 (2 years ago) |
Affected | >= 10.0.0, < 10.4.32; >= 11.0.0, < 11.5.16 | | CVE-2022-36020 | PHP:TYPO3-CMS-2022-36020 | TYPO3-CORE-SA-2022-011: By-passing Cross-Site Scripting Protection in HTML Sanitizer | medium | 2022-09-13T08:07:02 (2 years ago) |
Affected | >= 11.0.0, < 11.5.16 | | CVE-2022-36104 | PHP:TYPO3-CMS-2022-36104 | TYPO3-CORE-SA-2022-006: Denial of Service in Page Error Handling | high | 2022-09-13T08:07:10 (2 years ago) |
Affected | >= 10.0.0, < 10.4.32; >= 11.0.0, < 11.5.16 | | CVE-2022-36105 | PHP:TYPO3-CMS-2022-36105 | TYPO3-CORE-SA-2022-007: User Enumeration via Response Timing | medium | 2022-09-13T08:06:22 (2 years ago) |
Affected | >= 11.0.0, < 11.5.16; >= 10.0.0, < 10.4.32 | | CVE-2022-36106 | PHP:TYPO3-CMS-2022-36106 | TYPO3-CORE-SA-2022-008: Missing check for expiration time of password reset token for backend users | medium | 2022-09-13T08:07:29 (2 years ago) |
Affected | >= 10.0.0, < 10.4.32; >= 11.0.0, < 11.5.16 | | CVE-2022-36107 | PHP:TYPO3-CMS-2022-36107 | TYPO3-CORE-SA-2022-009: Stored Cross-Site Scripting via FileDumpController | medium | 2022-09-13T08:06:41 (2 years ago) |
Affected | >= 10.0.0, < 10.4.32; >= 11.0.0, < 11.5.16 | | CVE-2022-36108 | PHP:TYPO3-CMS-2022-36108 | TYPO3-CORE-SA-2022-010: Cross-Site Scripting in `<f:asset.css>` view helper | medium | 2022-09-13T08:06:53 (2 years ago) |
Affected | >= 12.0.0, < 12.2.0; >= 11.0.0, < 11.5.23; >= 10.0.0, < 10.4.35 | | CVE-2023-24814 | PHP:TYPO3-CMS-2023-24814 | TYPO3-CORE-SA-2023-001: Persisted Cross-Site Scripting in Frontend Rendering | medium | 2023-02-07T09:25:10 (19 months ago) |