typo3
346 tracked vulnerabilities.
CVE-2024-55893
MEDIUM
TYPO3 10.0.0-10.4.47 - Cross-Site Request Forgery via Backend Deep Links
Jan 14, 2025
CVSS 4.3
EPSS 0.01
CVE-2024-55892
MEDIUM
TYPO3 9.0.0-9.5.48 - Open Redirect via URI Host Validation Bypass
Jan 14, 2025
CVSS 4.8
EPSS 0.00
CVE-2024-55891
LOW
TYPO3 13.4.2 - Insertion of Sensitive Information into Log File
Jan 14, 2025
CVSS 3.1
EPSS 0.00
CVE-2024-34537
MEDIUM
TYPO3 < 13.3.1 - Authenticated Denial of Service in Bookmark Toolbar
Oct 28, 2024
CVSS 4.9
EPSS 0.00
CVE-2024-47780
LOW
TYPO3 10.0.0-10.4.45 and 13.0.0-13.3.0 - Incorrect Authorization in Backend Page Tree
Oct 08, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-34358
MEDIUM
TYPO3 <9.5.48 ELTS, <10.4.45 ELTS, <11.5.37 LTS, <12.4.15 LTS, <13....
May 14, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-34357
MEDIUM
TYPO3 <9.0.0-<9.5.48 ELTS,<10.4.45 ELTS,<11.5.37 LTS,<12.4.15 LTS,<...
May 14, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-34356
MEDIUM
TYPO3 <9.0.0-9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, 1...
May 14, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-34355
LOW
TYPO3 13.0.0-13.1.0 - Authenticated HTML Injection in History Backend Module
May 14, 2024
CVSS 3.5
EPSS 0.01
CVE-2024-22188
HIGH
TYPO3 < 8.7.57 - Authenticated Command Injection via Install Tool Form Fields
Mar 05, 2024
CVSS 7.2
EPSS 0.01
CVE-2024-25121
HIGH
TYPO3 8.0.0-8.7.56 - Authenticated Improper Access Control in File Abstraction Layer
Feb 13, 2024
CVSS 7.1
EPSS 0.00
CVE-2024-25120
MEDIUM
TYPO3 Core - Unauthorized Resource Access via t3:// URI Scheme
Feb 13, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-25119
MEDIUM
TYPO3 8.0.0-8.7.56 - Authenticated Exposure of Sensitive Information via Install Tool Editing Forms
Feb 13, 2024
CVSS 4.9
EPSS 0.00
CVE-2024-25118
MEDIUM
TYPO3 <8.7.57-13.0.1 - Info Disclosure
Feb 13, 2024
CVSS 4.3
EPSS 0.01
CVE-2023-30451
MEDIUM
TYPO3 11.5.24 - Authenticated Path Traversal via Filelist BaseURI Parameter
Dec 25, 2023
CVSS 4.9
EPSS 0.00
CVE-2023-47127
MEDIUM
TYPO3 8.0.0-8.7.54, 11.0.0-11.5.32 - Authentication Bypass via Session Cookie Reuse
Nov 14, 2023
CVSS 4.2
EPSS 0.00
CVE-2023-47126
LOW
TYPO3 12.2.0-12.4.7 - Unauthenticated Sensitive Information Exposure via Install Tool Login Screen
Nov 14, 2023
CVSS 3.7
EPSS 0.00
CVE-2023-47125
MEDIUM
TYPO3 html_sanitizer < 1.5.3 - Cross-Site Scripting via DOM Processing Instruction Bypass
Nov 14, 2023
CVSS 4.7
EPSS 0.01
CVE-2023-38500
MEDIUM
TYPO3 HTML Sanitizer <1.5.1-2.1.2 - Auth Bypass
Jul 25, 2023
CVSS 4.7
EPSS 0.00
CVE-2023-38499
LOW
TYPO3 <9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, 12.4.4 - Info Disclosure
Jul 25, 2023
CVSS 3.7
EPSS 0.02
CVE-2023-24814
HIGH
TYPO3 8.7.0-8.7.50, 10.0.0-10.4.34, 11.0.0-11.5.22, 12.0.0-12.1.9 - Persisted XSS via PATH_INFO Injection
Feb 07, 2023
CVSS 8.8
EPSS 0.01
CVE-2022-47406
MEDIUM
Change password for frontend users < 2.0.5 and 3.0.0-3.0.3 - Insufficient Session Expiration
Dec 14, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-23504
MEDIUM
TYPO3 < 9.5.38, 10.4.33, 11.5.20, 12.1.1 - Sensitive Information Disclosure via YAML Placeholder Expressions
Dec 14, 2022
CVSS 5.7
EPSS 0.00
CVE-2022-23503
HIGH
TYPO3 < 8.7.49, 9.5.38, 10.4.33, 11.5.20, 12.1.1 - Authenticated Code Injection via Form Designer TypoScript
Dec 14, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-23502
MEDIUM
TYPO3 10.0.0-10.4.32 - Insufficient Session Expiration in Password Recovery
Dec 14, 2022
CVSS 5.4
EPSS 0.00
Products
typo3 218
cms 116
cms-core 85
cms-backend 22
cms-install 6
cms-form 4
cms-frontend 4
dam_frontend_extension 4
html-sanitizer 4
html_sanitizer 4
wec_discussion_forum 4
Extension "Faceted Search" 3
pdf_generator_2_extension 3
Extension "Mailqueue" 2
address_directory 2
air_filemanager 2
beuserswitch 2
cms-beuser 2
cms-dashboard 2
cms-recycler 2
cms-workspaces 2
commerce_extension 2
eluna_page_comments_extension 2
ns backup extension 2
phar-stream-wrapper 2
pharstreamwrapper 2
sql_frontend_extension 2
sr feuser register extension 2
sr_feuser_register_extension 2
terminal 2