TYPO3 Security Vulnerabilities
TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the ShowImageController (eID tx_cms_showpic ) lacks a cryptographic HMAC-signature on the frame HTTP query parameter (e.g....
5.3CVSS
5.2AI Score
0.0004EPSS
TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, failing to properly encode user-controlled values in file entities, the ShowImageController (eID tx_cms_showpic ) is vulnerable to...
5.4CVSS
5.1AI Score
0.0004EPSS
TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the form manager backend module is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user...
5.4CVSS
6.2AI Score
0.0004EPSS
TYPO3 is an enterprise content management system. Starting in version 13.0.0 and prior to version 13.1.1, the history backend module is vulnerable to HTML injection. Although Content-Security-Policy headers effectively prevent JavaScript execution, adversaries can still inject malicious HTML...
3.5CVSS
6.6AI Score
0.0004EPSS
TYPO3 is an open source PHP based web content management system released under the GNU GPL. Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this...
4.3CVSS
4.6AI Score
0.0004EPSS
TYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of $GLOBALS['SYS']['encryptionKey'] was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic...
4.9CVSS
5AI Score
0.0004EPSS
TYPO3 is an open source PHP based web content management system released under the GNU GPL. The TYPO3-specific t3:// URI scheme could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records (although only if a valid link-handling...
4.3CVSS
4.4AI Score
0.0004EPSS
SQL injection vulnerability in index.php in TYPO3 4.0 allows remote attackers to execute arbitrary SQL commands via the showUid parameter. NOTE: the TYPO3 Security Team disputes this report, stating that "there is no such vulnerability... The showUid parameter is generally used in third-party...
8.6AI Score
0.001EPSS
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions of TYPO3 entities of the File Abstraction Layer (FAL) could be persisted directly via DataHandler. This allowed attackers to reference files in the fallback storage directly and...
7.1CVSS
6.7AI Score
0.0004EPSS
The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the...
7.5CVSS
7.2AI Score
0.024EPSS
view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature...
7.2AI Score
0.003EPSS
In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST /typo3/record/edit with ../../../ in...
4.9CVSS
4.9AI Score
0.001EPSS
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in...
6.1CVSS
5.9AI Score
0.001EPSS
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In typo3 installations there are always at least two different sites. Eg. first.example.org and second.example.com. In affected versions a session cookie generated for the first site can be reused on the...
5.4CVSS
5.2AI Score
0.001EPSS
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory (e.g. /var/www/html/var/transient/). This applies to composer-based scenarios...
5.3CVSS
5.1AI Score
0.001EPSS
HTML sanitizer is written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. In versions prior to 1.5.0 or 2.1.1, malicious markup used in a sequence with special HTML CDATA sections cannot be filtered and sanitized due to a parsing issue in the...
6.1CVSS
5.9AI Score
0.001EPSS
TYPO3 is an open source PHP based web content management system. In versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 is vulnerable to Improper Authentication. Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A...
6.5CVSS
6.3AI Score
0.001EPSS
PharMetaDataInterceptor in the PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 mishandles Phar stub parsing, which allows attackers to bypass a deserialization protection...
9.8CVSS
9.2AI Score
0.023EPSS
The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar...
9.8CVSS
9.3AI Score
0.033EPSS
ckeditor-wordcount-plugin is an open source WordCount Plugin for CKEditor. It has been discovered that the ckeditor-wordcount-plugin plugin for CKEditor4 is susceptible to cross-site scripting when switching to the source code mode. This issue has been addressed in version 1.17.12 of the...
6.1CVSS
6AI Score
0.001EPSS
TYPO3 HTML Sanitizer is an HTML sanitizer, written in PHP, aiming to provide cross-site-scripting-safe markup based on explicitly allowed tags, attributes and values. Starting in version 1.0.0 and prior to versions 1.5.1 and 2.1.2, due to an encoding issue in the serialization layer, malicious...
6.1CVSS
5.9AI Score
0.001EPSS
TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters id and L allowed out-of-scope access to rendered content in the website...
5.3CVSS
5.1AI Score
0.001EPSS
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace....
6.5CVSS
6.3AI Score
0.001EPSS
6.1CVSS
6.3AI Score
0.001EPSS
TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted...
8.8CVSS
8.5AI Score
0.001EPSS
TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component GeneralUtility::getIndpEnv() uses the unfiltered server environment variable PATH_INFO, which allows attackers to inject malicious content. In...
8.8CVSS
5.8AI Score
0.003EPSS
TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could....
5.7CVSS
5.2AI Score
0.001EPSS
TYPO3 is an open source PHP based web content management system. In versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1, requesting invalid or non-existing resources via HTTP triggers the page error handler, which again could retrieve content to be shown as an error message from another page....
7.5CVSS
7.3AI Score
0.002EPSS
TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both...
5.4CVSS
5.7AI Score
0.001EPSS
TYPO3 is an open source PHP based web content management system. Versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are vulnerable to Code Injection. Due to the lack of separating user-submitted data from the internal configuration in the Form Designer backend module, it is possible to....
8.8CVSS
8.5AI Score
0.001EPSS
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize() on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an...
10CVSS
9.3AI Score
0.001EPSS
SQL injection vulnerability in the AIRware Lexicon (air_lexicon) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified...
8.7AI Score
0.002EPSS
SQL injection vulnerability in the datamints Newsticker (datamints_newsticker) extension before 0.7.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified...
8.7AI Score
0.001EPSS
SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified...
8.7AI Score
0.002EPSS
SQL injection vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified...
8.4AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in the Commerce extension before 0.9.9 for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified...
5.4AI Score
0.001EPSS
Directory traversal vulnerability in the Directory Listing (dir_listing) extension 1.1.0 and earlier for TYPO3 allows remote attackers to have an unspecified impact via unknown...
7AI Score
0.004EPSS
SQL injection vulnerability in the Calendar Base (cal) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified...
8.4AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified...
5.8AI Score
0.001EPSS
Directory traversal vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 has unspecified impact and remote attack...
6.9AI Score
0.002EPSS
SQL injection vulnerability in the Flat Manager (flatmgr) extension before 1.9.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified...
8.7AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in the Userdata Create/Edit (sg_userdata) extension before 0.91.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified...
5.9AI Score
0.001EPSS
SQL injection vulnerability in the ultraCards (th_ultracards) extension before 0.5.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified...
8.7AI Score
0.001EPSS
SQL injection vulnerability in the Solidbase Bannermanagement (SBbanner) extension 1.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified...
8.7AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified...
5.8AI Score
0.001EPSS
SQL injection vulnerability in the Tour Extension (pm_tour) extension before 0.0.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified...
8.7AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in the Twitter Search (twittersearch) extension before 0.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified...
5.9AI Score
0.001EPSS
Unspecified vulnerability in the ClickStream Analyzer [output] (alternet_csa_out) extension 0.3.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown...
6.4AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in the [AN] Search it! (an_searchit) extension 2.4.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified...
5.8AI Score
0.001EPSS
Unspecified vulnerability in the Watchdog (aba_watchdog) extension 2.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack...
6.2AI Score
0.002EPSS